Security researchers at Kaspersky recently posted a warning of new Android malware that can steal cookies and gain control of its victims’ accounts.
According to researchers, when the two malware modifications are combined, they can be used for stealing cookies collected by social media networking sites, as well as browsers themselves. [Hindustan Times]
After that, hackers can gain control of the victims’ accounts and discreetly manipulate what content they are seeing or further infect their system.
Cookies that hackers are able to collect through the malware are actually small pieces of data, which websites collect in order to track what users do, which pages they visit, etc. This information is then used to create a better and more personalized experience during future visits.
Most of the time, cookies are harmless, although many consider them a nuisance. However, in the wrong hands, they can pose quite a security risk, as they can be used for identifying users without needing to ask for login credentials.
If hackers were to obtain these cookies, they could trick the website into thinking that they are the original user, and gain access to the user’s accounts. This is why they developed the two trojans that allow them to do just that. The first acquires root rights on the victim’s device, which lets the hackers transfer cookies to a server that they control.
However, some websites have security measures that prevent this by studying logins and identifying instances from new locations, marking them as suspicious. This is what the second Trojan is for, as it runs a proxy server on the victim’s device, and it allows hackers to bypass such security measures.
Criminals then pose as the user and would be able to hijack social network accounts to distribute various content.
So far, researchers were unable to determine the purpose behind this, although some evidence suggests that the goal might be to spam others on social media or perhaps launch phishing attacks. Researchers estimate that around 1,000 people have been targeted, but the number continues to grow. Experts suggest blocking third-party cookies, clearing them from the browser, and using reliable security solutions as a way of protecting your accounts.