Cybersecurity researchers from Zscaler ThreatLabZ have warned about two different malicious programs for stealing information, called FFDroider and Lightning Stealer.
Infostealers collect confidential information from compromised computers: they log keystrokes, take screenshots, and steal files, passwords and cookies from web browsers. The collected data is then sent to a remote domain controlled by the attacker.
FFDroider is able to disguise itself on victims' systems as the instant messaging application Telegram. The malware is distributed through cracked versions of installers and free software. It was created with the aim of stealing cookies and credentials associated with popular social networks (Facebook, Instagram and Twitter) and e-commerce platforms (Amazon, eBay and Etsy). Web browsers targeted by the malware include Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge.
FFDroider also comes with a loader function that fetches updates with new modules from the command-and-control server, which allows the criminals to expand its set of functions over time.
The Lightning infostealer works in a similar way: it can steal Discord tokens, data from cryptocurrency wallets, cookies, passwords, credit card data and search histories from more than 30 Firefox and Chromium-based browsers.