Cookiethief: A Cookie-Stealing Malware For Android
By Yash Kudal
A new and dangerous strain of Android malware has been discovered that steals users' authentication cookies from web browsers and other applications installed on compromised devices, including Chrome and the Facebook app.
The malware, dubbed "Cookiethief" by Kaspersky researchers, works by acquiring root privileges on the target device and then transferring the stolen cookies to a command-and-control (C2) server operated by the attackers.
"This type of attack is not possible because of a bug in the Facebook app or the browser itself," Kaspersky investigators said. "Malware can steal cookie files of any website from other applications and get similar results."
Cookiethief: Hijacking Accounts Without Needing Passwords
Cookies are small pieces of data that websites use to distinguish one user from another: they keep a session alive across page loads, track browsing across sites, and drive personalized content and targeted advertising.
Because a session cookie lets a user stay logged in without re-entering credentials, Cookiethief exploits this behavior to give attackers access to a victim's accounts without ever knowing the account passwords.
Kaspersky says the Trojan could reach a phone in several ways, including being planted in the device firmware before purchase, or being downloaded by exploiting a vulnerability in the operating system.
Once a device is infected, the malware connects to a backdoor called "Bood," installed on the same smartphone, which executes the "superuser" commands that make the cookie theft possible.
How Can Attackers Bypass the Multi-Level Protection Provided by Facebook?
Stealing a cookie alone isn't enough, though. Facebook has security measures that flag suspicious login attempts, such as sessions arriving from IP addresses, devices, or browsers that have never been used to sign in to the account before.
The attackers get around this with a second component, named "Youzicheng," which runs a proxy server on the infected device so that requests using the stolen cookie appear to come from the account owner's own device and location.
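The following is an added example, not code from Kaspersky or from the malware itself, that models the two ideas above in one place: a session cookie standing in for a password (the "no password needed" point), and a server-side anomaly check that compares each request's IP and client fingerprint with the context recorded at login. It shows why replaying a stolen cookie from attacker infrastructure gets challenged while relaying it through a proxy on the victim's own device passes. The class and function names, the sample IPs and user-agent strings, and the exact check are all hypothetical constructions; Facebook's real detection logic is not public.

```python
from dataclasses import dataclass
import secrets


@dataclass
class Session:
    """Server-side record of a login: who it is and where it came from."""
    user: str
    ip: str          # IP the session was established from
    user_agent: str  # browser/app fingerprint seen at login


@dataclass
class Request:
    """A request presenting a session cookie."""
    cookie: str
    ip: str
    user_agent: str


class SessionStore:
    """Hypothetical server that issues cookies and binds them to login context."""

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def login(self, user: str, ip: str, user_agent: str) -> str:
        # The cookie value is an unguessable token; it IS the credential from
        # here on, which is exactly why stealing it is as good as the password.
        token = secrets.token_hex(16)
        self._sessions[token] = Session(user, ip, user_agent)
        return token

    def check(self, req: Request) -> str:
        """Return 'allow', 'challenge' (new IP/device) or 'reject' (bad cookie)."""
        sess = self._sessions.get(req.cookie)
        if sess is None:
            return "reject"
        if req.ip != sess.ip or req.user_agent != sess.user_agent:
            # Valid cookie but unfamiliar origin: treat as a suspicious login.
            return "challenge"
        return "allow"


def simulate() -> tuple[str, str]:
    """Replay a stolen cookie two ways; returns (direct_result, proxied_result)."""
    store = SessionStore()
    # Constructed sample values for the victim's device.
    victim_ip, victim_ua = "203.0.113.7", "FacebookAndroid/1.0 (constructed)"
    cookie = store.login("victim", victim_ip, victim_ua)

    # Attempt 1: attacker replays the stolen cookie from their own server.
    direct = store.check(
        Request(cookie, "198.51.100.9", "Mozilla/5.0 (X11; Linux x86_64)")
    )

    # Attempt 2: attacker relays the request through a proxy running on the
    # victim's phone, so the origin IP and client fingerprint match the login.
    proxied = store.check(Request(cookie, victim_ip, victim_ua))

    return direct, proxied


if __name__ == "__main__":
    print(simulate())
```

Run as a script it prints ('challenge', 'allow'): the same cookie is challenged when replayed directly and accepted when relayed through the victim's device, which is the role the on-device proxy plays in the attack chain described above. Real services add more signals than IP and user agent, but the structure of the check, and therefore the reason the attackers needed a second component, is the same.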
It is still unclear who the attackers are, but investigators found a page on the C2 server advertising spam distribution services on social networks and messengers, which suggests the criminals could use hijacked social media accounts to distribute malicious links or launch phishing attacks.
Kaspersky classifies the attack as a new threat, with only about 1,000 people targeted so far, but warns that the number is rising and that such infections are hard to detect.
To protect against such attacks, users are advised to block third-party cookies in the phone's browser, delete cookies regularly, and browse in private mode. These steps only shorten the lifetime of any cookie that malware on a rooted device could steal; they do not remove the underlying root-level compromise.