FTCode is a PowerShell-based ransomware strain first spotted in 2013 by security researchers at Sophos, a malware that resurfaced in October 2019 as the final payload in a spam email campaign targeting Italian recipients. The malware is now capable of stealing saved user credentials from both web browsers (Internet Explorer, Mozilla Firefox, Google Chrome) and email clients (Mozilla Thunderbird and Microsoft Outlook) FTCode will deliver it to its operators using a POST request sent to its command-and-control server, with the usernames and passwords being encoded using the Base64 encoding scheme.
Source: https://www.bleepingcomputer.com/news/security/ftcode-ransomware-now-steals-saved-login-credentials/