The FFDroider and Lightning info-stealers are on the loose

The FFDroider Stealer

FFDroider and Lightning Stealer are two new types of malware that may steal data and launch subsequent attacks, according to cybersecurity experts.


A report by Zscaler ThreatLabz researchers reveals that Info-Stealer malware has become more popular across various attack campaigns in recent months. Information stealers are known for harvesting different types of sensitive information such as keystrokes, screenshots, files, stored passwords, and cookies from web browsers. These threats can not only collect this information but also send it to a remote attacker-controlled site where it can be exfiltrated.

FFDroider is a new malware that pretends to be the instant messaging software “Telegram” in order to steal user credentials and cookies and send them to a Command & Control server. According to the information that is available, cracked versions of installers and freeware are used to spread FFDroider, which is primarily used to steal cookies and credentials from prominent social networking and e-commerce platforms and use the stolen data to log into the accounts and collect additional personal account-related information.

In order to steal personal information from victims, the info-stealer uses stolen cookies to get access to social media platforms including Facebook Ads Manager and Instagram API, the researchers explain. Additionally, FFDroider has a capability that lets it download new modules from an update server, allowing hostile actors to use the stolen data as a means of gaining access to a target.

Lightning Stealer is another malware that operates in a similar fashion. The information that can be stolen with this threat includes Discord tokens, cryptocurrency wallet data, and more than 30 Firefox and Chromium-based browser cookies. All of this information is then sent to a server in JSON format, where it can be accessed.

Jester Stealer, another new threat discovered by Cyble Research in February this year, is designed to steal login credentials, cookies, credit card information, as well as data from passwords managers, chat messengers, email clients, crypto wallets, and gaming applications. The security professionals from Cyble are also alarmed about a new trend where Ransomware groups are utilizing Info Stealer malware to get initial network access and, ultimately, exfiltrate sensitive data.

BlackGuard, Mars Stealer, and META are three more additions to the info-stealer malware group that has been spotted in the wild since then, and the latter has been used in malspam campaigns to steal sensitive information from selected targets.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment