Another malware has become active in the wild targeting Android devices. Dubbed Cookiethief, this Android malware does what its name suggests – stealing session cookies.
Cookiethief Android Malware
Researchers from Kaspersky have found a new trojan in the wild threatening the security of Android devices. Researchers have called this malware ‘Cookiethief’ since it pilfers users’ active session cookies from target devices. Consequently, the attackers able to abuse these cookies to takeover accounts and steal data.
Explaining their findings in a blog post, the researchers stated that the malware detected as Trojan-Spy.AndroidOS.Cookiethief aims at gaining root access to the target device. The malware then sends the cookies from the device to C&C servers controlled by the attackers.
In brief, the malware installs the Bood backdoor on to the target device that connects with the C&C server and passes shell commands for execution.
However, for the successful takeover of victims’ accounts via cookies, which may be troublesome with apps such as Facebook, the malware collaborates use another Trojan, identified as Trojan-Proxy.AndroidOS.Youzicheng, the second malware runs a proxy on the victim device to let the service seem like a legitimate login.
More details regarding the technicalities of this malware attack are available in the researchers’ post.
What’s The Risk?
While an average user may think of cookies as harmless files, for the cybercriminals, cookies are a treasure trove. As stated by the researchers,
Besides various settings, web services use them to store on the device a unique session ID that can identify the user without a password and login. This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain.
Exploiting these cookies allows the adversary to hack users’ accounts, such as social media, especially Facebook. They can then abuse the hacked accounts for spreading malicious messages or fake news.
Likewise, attackers may also exploit these cookies to steal other important data as required.
For now, it is unclear how this Android malware may spread. The researchers have noticed the malware spreading in the wild, until more details and a cure for this infection are available, Android users must remain vigilant, particularly from phishing emails and messages to the installation of third-party apps, they must avoid all such activities that involve third-party entities in any way.
Let us know your thoughts in the comments.