Android malware steals cookies to hijack social media accounts

Cybercriminals are stealing user’s cookies to take over their accounts

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers atKaspeskyhave discovered two new Android malware modifications that, when combined, can steal cookies collected by user’s browsers and social media apps to allow an attacker to discreetly gain control over a victim’s accounts.

Cookiesare small pieces of data collected by websites in order to track a user’s activity online to create personalized experiences in the future. In the wrong hands though, they can pose a security risk because cookies use a unique session ID that identifies users without requiring a password or login.

Once in possession of a user’s ID, attackers can trick websites into thinking that they are that person and take control of their account. This is exactly what these two new Trojans with similar coding controlled by the same command and control (C&C) server do.

Stealing cookies

Stealing cookies

The first Trojan acquires root rights on a victim’s device and this allows an attacker to transfer cookies from Facebook to their own servers. However, simply having a user’s ID number is not enough to take control of an account in some circumstances. For instance, some websites have security measures in place that prevent suspicious log-in attempts.

This is where the second Trojan comes into play as it is a malicious app which can run a proxy server on a victim’s device to bypass security measures to gain access without arousing suspicion. This allows an attacker to pose as the victim and take control of their social networking accounts to distribute undesirable content.

At this time, the aim of the cybercriminals stealing user’s cookies is unknown but a page uncovered on the same C&C server may provide a hint. The page advertises services for distributing spam on social networks and messengers which means that attackers could be looking for account access as a means to launch widespread spam andphishing attacks.

Malware analyst at Kaspersky, Igor Golovin explained in apress releasethat while new, this threat will likely continue to grow, saying:

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“By combining two attacks, the cookie thieves discovered a way to gain control over their victims’ accounts without arousing suspicions. While this is a relatively new threat—so far, only about 1000 individuals have been targeted—that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect. Even though we typically don’t pay attention to cookies when we’re surfing the web, they’re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention.”

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

The 6 best electric motorcycle concepts and launches from EICMA 2024