gercm.blogg.se

Telegram browser

Social media

For Facebook and Instagram, the stealer has another trick up its sleeve. The malware also plans to steal saved VPN/dial up credentials from the \Appdata\Microsoft\Network\Connections\Pbk\rasphone.pbk and \Pbk\rasphone.pbk phonebooks if present. It uses specific methods for each browser to exfiltrate the data stored in the target browsers:

Browsers

After checking the IP of the affected machine by querying the legitimate service at, Spyware.FFDroider starts its cookies and credentials stealing routine. Several campaigns were found to push out this spyware, but all of them were easily connected by the malicious program embedded in the cracked versions of installers and freeware. The analyzed version of Spyware.FFDroider disguises itself on victims' machines to look like the instant messaging application “Telegram”. The spyware is offered on download sites pretending to be installers for freeware and cracked versions of paid software. The version analyzed by the researchers was packed with Aspack. A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz.












