FFDroider malware steals Social media accounts

FFDroider new malware steals Facebook, Instagram, Twitter accounts

In an instant, a new malware has emerged named FFDroider, which is stealing credentials and cookies stored in browsers to hijack people’s social media accounts. Now in such a situation, we need to be more careful and we should take more care of our social media accounts and keep on changing the password from time to time.

While social media accounts that have already been or have just been verified, hackers are taking a special hit on those accounts, and they can use them for various malicious activities, including cryptocurrency scams and distributing malware.


Although keeping your social media accounts safe is a bit tricky but it is impossible if you want, FFDroider which is created by cyber hackers, and our accounts are hacked with the help of some cookies and credentials and want to use them for the wrong purposes. We can definitely stop and keep our social media accounts safe.

Although FFDroider authors are mostly targeting only those social media accounts that have access to the advertising platform, Thereby allowing threat actors to use stolen credentials to easily run suspicious advertisements.

Distributed through software cracks

Let us tell you that the researchers of Zscaler are keeping a close eye on the information and dissemination of new types of thieves and have published a detailed technical analysis today based on the information gathered in the hall.

FFDroider is not a unique virus or different from any other virus at all, like other malware it also spreads through software cracks, free software, games, and other files downloaded from torrent sites. So if we take care of all these small things, then we can be saved very easily.

Whenever we install any movie or porn movie from any free software, games, documents, or torrent websites, then this FFDroider also installs without any permission and then starts its game, but to avoid detection Disguised as a Telegram desktop application. So if you want to avoid FFDroider then you also have to avoid the greed of free porn videos and torrent websites.


Once this FFDroider is installed on your system, it will first create a new key of its own name in the Windows Registry Editor of your system, due to which the naming of this new malicious malware.

Researchers of Zscaler created a complete rundown of an attack by this FFDroider, revealing how malicious malware is installed on the victims’ machines.

FFDroid only specifically targets cookies and account credentials stored in the Google Chrome browser or similar browsers such as Microsoft Edge, Internet Explorer, and Mozilla Firefox.

For example, I may tell you that malware reads and parses the Chromium SQLite cookie and SQLite credential store itself and uses the Windows Crypt API, mostly, the CryptUnProtectData function to infect or decrypt entries.

The process is the same for other browsers, with functions such as InternetGetCookieRxW and the IEGet ProtectedMode cookie being misused to very easily steal all the cookies stored in Internet Explorer and Microsoft Edge.

Theft and decryption actually result in a cleartext user name and password, which are then ejected from the C2 server without difficulty via an HTTP POST request; In this campaign, http[:]//152[.]32[.]228[.]19/seemorebty.

Targeting social media accounts By FFDroider

Although we all know that the Trojan virus itself is known to steal passwords, the makers of FFDroider are not interested in all the account credentials stored in the web browser. This malware has a slightly different design that only aims to steal credentials for social media accounts and eCommerce sites including Facebook, Instagram, Amazon, eBay, Etsy, Twitter, and the portals of VAX Cloud Wallet.

To completely avoid this nasty malware FFDroider and keep safe their social media accounts people must be very careful and also avoid porn videos, torrent websites free or crack movies or games.

About the author

Christopher Edwards

Hey This is Chris, I am a Malware researcher and security analyst. I love to find out about new threats and viruses and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask for any virus related problem in comment section or through our contact page.