New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

A new simple but dangerous strain of Android malware has been observed in the wild that steals users' authentication cookies from the web browser and other apps, including Chrome and Facebook, installed on the compromised devices.

Dubbed "Cookiethief" by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device and subsequently transferring stolen cookies to a remote command-and-control (C2) server operated by attackers.

"This abuse approach is possible not due to a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

Cookiethief: Hijacking Accounts Without Requiring Passwords

Cookies are small pieces of data that websites frequently use to differentiate one user from another, provide continuity across the web, track browsing sessions across different websites, serve personalized content, and store strings associated with targeted advertisements.

Given how cookies on a device allow users to stay logged in to a service without having to repeatedly sign in, Cookiethief aims to exploit this very behavior to let attackers gain unauthorized access to victim accounts without knowing the actual passwords of their online accounts.

"This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter's account for personal gain," the researchers said.

Kaspersky theorizes that there could be a number of ways the Trojan could land on the device, including planting such malware in the device firmware before purchase, or exploiting vulnerabilities in the operating system to download malicious applications.


Once the device is infected, the malware connects to a backdoor, dubbed 'Bood,' installed on the same smartphone to execute "superuser" commands that facilitate cookie theft.

How Do Attackers Bypass Multi-Level Protection Offered by Facebook?

Cookiethief malware doesn't have it all easy, though. Facebook has security measures in place to block any suspicious login attempts, such as those from IP addresses, devices, and browsers that had never been used for logging into the platform before.

But the bad actors have worked around the problem by leveraging a second malware app, named 'Youzicheng,' that creates a proxy server on the infected device to impersonate the account owner's geographic location and make the access requests appear legitimate.

"By combining these attacks, cybercriminals can gain complete control over the victim's account and not raise suspicion from Facebook," the researchers noted.
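The following is an added example, not code from Kaspersky, Facebook, or the original article. It runs over a constructed event list to show why a check keyed only on source IP misses a cookie replayed through a proxy on the victim's own device, while a check that binds the session to the client it was issued to still flags it. The event format, function names, and the use of the User-Agent string as the client signal are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (session_id, source_ip, user_agent)
EVENTS = [
    ("sess-A", "203.0.113.10", "Chrome/80 Android 9"),
    ("sess-A", "203.0.113.10", "Chrome/80 Android 9"),
    # Same cookie, same IP (request relayed by a proxy on the phone), different client
    ("sess-A", "203.0.113.10", "Chrome/79 Windows 10"),
    ("sess-B", "198.51.100.7", "Chrome/80 Android 10"),
    # Same client moving from one network to another
    ("sess-B", "192.0.2.44", "Chrome/80 Android 10"),
    ("sess-C", "198.51.100.9", "Firefox/74 Windows 10"),
]


def classify(events):
    """Compare every request with the first one seen for its session.

    Returns {session_id: set of findings}, where a finding is
    'new_ip' or 'new_client'.
    """
    first_seen = {}
    findings = defaultdict(set)
    for session_id, ip, user_agent in events:
        if session_id not in first_seen:
            first_seen[session_id] = (ip, user_agent)
            findings[session_id]  # register the session with no findings yet
            continue
        base_ip, base_ua = first_seen[session_id]
        if ip != base_ip:
            findings[session_id].add("new_ip")
        if user_agent != base_ua:
            findings[session_id].add("new_client")
    return dict(findings)


def ip_only_alerts(events):
    """Sessions an IP/location-only check would flag."""
    return sorted(s for s, f in classify(events).items() if "new_ip" in f)


def client_bound_alerts(events):
    """Sessions flagged when the cookie is bound to the issuing client."""
    return sorted(s for s, f in classify(events).items() if "new_client" in f)


if __name__ == "__main__":
    print("IP-only check flags:     ", ip_only_alerts(EVENTS))
    print("Client-bound check flags:", client_bound_alerts(EVENTS))
```

The User-Agent string is a weak signal used here only to keep the example short; a production check would bind the session to a stronger client attribute.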


It's not yet clear what the attackers are really after, but the researchers found a page on the C2 server advertising services for distributing spam on social networks and messengers, leading them to the conclusion that the criminals could leverage Cookiethief to hijack users' social media accounts to spread malicious links or perpetuate phishing attacks.

While Kaspersky classified the attack as a new threat, with only about 1,000 individuals targeted in this manner, it warned that this number is "growing" considering the difficulty in detecting such intrusions.

Reviewed by MrRobot on March 13, 2020