Warning: FFDroider and Lightning data thieves target users in the wild

FFDroider and Lightning Stealer are two types of malware that can steal data and launch further attacks, according to cybersecurity researchers.

In a report published last week, Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar said FFDroider disguises itself on victims' machines to look like the instant messaging application 'Telegram.'

The term "information stealer" refers to a type of malware that can collect data from infected computers, such as keystrokes, screenshots, files, passwords saved in browsers, and web browser cookies, and transmit it to a remote server under the control of the attacker.

FFDroider is distributed through cracked versions of installers and freeware. Its goal is to steal cookies and credentials from popular social media and e-commerce platforms, use the stolen data to log in to the accounts, and capture other personal account-related information.

Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge are among the browsers that have been infected. Facebook, Instagram, Twitter, Amazon, eBay, and Etsy are among the websites that are being targeted.
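For defenders, the behaviour described above (a non-browser program, possibly named after Telegram, reading browser cookie and credential stores) can be hunted for in file-access telemetry. The sketch below is an added example, not code from the Zscaler report: the event fields `image` and `target` and the sample events are constructed, the store locations are the standard Windows profile paths for Chrome, Edge and Firefox, and Internet Explorer is left out for brevity.

```python
import ntpath

# Path fragment of each credential store -> (sensitive files, expected owner image).
STORES = {
    r"\google\chrome\user data": (
        {"login data", "cookies", "web data"},
        r"\google\chrome\application\chrome.exe"),
    r"\microsoft\edge\user data": (
        {"login data", "cookies", "web data"},
        r"\microsoft\edge\application\msedge.exe"),
    r"\mozilla\firefox\profiles": (
        {"cookies.sqlite", "logins.json", "key4.db"},
        r"\mozilla firefox\firefox.exe"),
}

def suspicious_reads(events):
    """Return events where a process other than the owning browser opens a store file."""
    hits = []
    for ev in events:
        image = ev["image"].lower()
        target = ev["target"].lower()
        name = ntpath.basename(target)
        for fragment, (files, owner) in STORES.items():
            # Match on the full image path, not just the file name, so a binary
            # that merely calls itself chrome.exe or telegram.exe is still flagged.
            if fragment in target and name in files and not image.endswith(owner):
                hits.append(ev)
                break
    return hits

# Constructed sample events (illustrative only, not taken from the report).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"image": r"C:\Users\alice\AppData\Roaming\telegram.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\cookies.sqlite"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd.default\logins.json"},
]

if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE_EVENTS):
        print("ALERT:", hit["image"], "->", hit["target"])
```

Backup agents, antivirus scanners and browser profile-import features also touch these files, so a production rule would add an allowlist based on code-signing identity rather than path alone.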


"Facebook Ads-Manager and Instagram APIs are used by the thief to run malicious advertisements with stored payment methods and to steal personal information from victims' social media accounts," the researchers said.

Additionally, FFDroider has a feature that allows it to download new modules from an update server, allowing malicious actors to exploit the stolen data as a means of gaining access to a target.

Main Function of Lightning Stealer

Lightning Stealer is similar in that it can steal Discord tokens, information from cryptocurrency wallets, and details about cookies, passwords, credit cards, and search history from more than 30 Firefox and Chromium-based browsers, all of which is exported to the server in JSON format.

According to Cyble researchers, "Info Stealers are adopting new techniques to become more evasive." Cyble also noted that it "witnessed ransomware groups leveraging Info Stealers to gain initial network access and, ultimately, exfiltrating sensitive data."

Since Raccoon Stealer was removed from the market at the end of March due to the ongoing conflict in Ukraine, stealer malware has become increasingly common in various attack campaigns.

When Cyble Research released the details of a new threat called Jester Stealer in February 2022, they explained that it was designed to steal and transmit passwords and credit card information as well as data from password managers and crypto wallets to the hackers.

Three new info-stealers have emerged since then, including BlackGuard, Mars Stealer, and META, the last of which has been observed to be delivered via spam campaigns in order to collect sensitive data.

