New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
Shivanshu Sharma
Cloud Engineer @ Searce Inc | Multi Cloud | AWS Certified x3 | Terraform Certified | GCP Certified x1 | Azure Certified x1 | Corporate Cloud Trainer
Cookiethief: Hijacking Accounts Without Requiring Passwords
Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different websites, serve personalized content, and strings related to targeted advertisements.
Given how cookies on a device allow users to stay logged in to a service without having to repeatedly sign in, Cookiethief aims to exploit this very behavior to let attackers gain unauthorized access to the victim accounts without knowing their actual online accounts passwords.
Kaspersky theorizes that there could be a number of ways the Trojan could land up on the device — including planting such malware in the device firmware before purchase, or by exploiting vulnerabilities in the operating system to download malicious applications.
How Do Attackers Bypass Multi-Level Protection Offered by Facebook?
Cookiethief malware doesn't have it all easy, though. Facebook has security measures in place to block any suspicious login attempts, such as from IP addresses, devices, and browsers that had never been used for logging into the platform before.
But the bad actors have worked around the problem by leveraging the second piece of malware app, named 'Youzicheng,' that creates a proxy server on the infected device to impersonate the account owner's geographic location to make the access requests legitimate.
"By combining these two attacks, cybercriminals can gain complete control over the victim's account and not raise suspicion from Facebook," the researchers noted.
It's not yet clear what the attackers are really after, but the researchers found a page found on the C2 server advertising services for distributing spam on social networks and messengers — leading them to the conclusion that the criminals could leverage Cookiethief to hijack users' social media accounts to spread malicious links or perpetuate phishing attacks.
Site Reliability Engineer | Cloud Infrastructure | Incident Management | AWS | SAAS | CRM
4 年??