Zscaler ThreatLabz, a global team of security experts, researchers and network engineers, recently discovered a new type of malware that can fool almost anyone with its excellent camouflage.

Known as Win32.PWS.FFDroider (FFDroider for short), the Windows-based malware creates a registry key called FFDroider and can send stolen credentials and cookies to command and control servers.

According to the Zscaler ThreatLabz team, FFDroider mimics the widely used messaging app Telegram. After gaining access to a user's device or PC, FFDroider begins the attack by stealing cookies and credentials from browsers including Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge.

Using the stolen cookies, FFDroider logs into the user's social media accounts to extract account information, which is then used to steal more personal or sensitive information.

Additionally, the Zscaler ThreatLabz team reports that the malware will display fake ads to trick users into entering their sensitive information, leading to further attacks.

The team said the malware was most effective on Facebook. Users of Instagram and Twitter, as well as users of e-commerce sites such as Amazon, eBay, and Etsy, may also be targeted. Once a user's personal information is stolen, criminals can use it to make money.

Therefore, users need to pay attention to the channel they download Telegram from and set up major security protections, such as timely software updates and two-factor authentication for social media accounts.


snakesss