Malware spreads through crack software specializing in stealing Facebook, Instagram, and Twitter accounts

Social media accounts, especially verified (green tick) accounts, are attractive targets for hackers because they can use hacked accounts for other fraudulent purposes.

These accounts are even more attractive if they have access to the advertising platforms of the social networks. From there, the hacker can use the victim's account and money to run malicious ads.

According to researchers at Zscaler, FFDroider spreads through crackers, fake freeware, cracked games, and other files downloaded from torrent sites.

Once installed, the FFDroider malware will also be installed, but disguised as the Telegram desktop application to avoid detection.

Once launched, the malware creates a Windows registry key named FFDroider. Next, it starts collecting cookie data and account credentials stored in Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge.

FFDroider is designed to target social logins and e-commerce sites. The hacker behind this malicious code paid special attention to Facebook, Instagram, Amazon, eBay, Etsy, Twitter accounts and the WAX ​​Cloud wallet access gateway.

After stealing the information and sending it to the command and control server (C2), FFDroider will download new modules. It is not yet known what the new modules will do, but Zscaler predicts they will pose a greater threat.