Skip to main content

Malware Is Targeting Cookies On Android Devices To Gain Access

By March 24, 2020May 9th, 2022Cybersecurity

There’s a new malware threat to be aware of, called “CookieThief,” which is an apt name that describes what the malware does. Honestly though, the Hackers missed the mark here. “CookieMonster” would have been a much better name option.

In any case, it’s part of a growing new collection of malware strains that is able to steal browser and app cookies from infected devices.

It was discovered by Kaspersky Labs. Although the researchers tracking the new strain say that they’re not yet sure how the malware made its way onto infected devices in the first place.

In all, the company is tracking slightly more than a thousand infections, though that number is increasing by the day. In the cases that the researchers have investigated deeply, Facebook cookies appear to be of prime interest to the hackers, allowing them to gain account access and track user movements across the social media platform.

The Kaspersky team stressed that there is no particular security flaw or vulnerability that the hackers behind the code are exploiting. They’re simply pointing out where their main area of interest appears to be. During their analysis, the group found a fork of the code. It is similar but with a few distinct differences. The forked code launches a proxy on the infected device that makes access requests appear legitimate.

The researchers had this to say about the forked code:

By combining these two attacks, cyber criminals can gain complete control over the victim’s account and not raise suspicion from Facebook. From there, the criminals can pose as the victim and take control of their social networking account to distribute undesirable content.”

While there are many more destructive uses that such a Trojan could be used for, the main goal of the hackers in this case appears to be to use compromised accounts to spread fake news stories. Even so, it’s something to be on alert for, as it would be easy to modify it to make it much more destructive.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.