Researchers at Kaspesky have discovered two new Android malware modifications that, when combined, can steal cookies collected by user’s browsers and social media apps to allow an attacker to discreetly gain control over a victim’s accounts.
Cookies are small pieces of data collected by websites in order to track a user’s activity online to create personalized experiences in the future. In the wrong hands though, they can pose a security risk because cookies use a unique session ID that identifies users without requiring a password or login.
Once in possession of a user’s ID, attackers can trick websites into thinking that they are that person and take control of their account. This is exactly what these two new Trojans with similar coding controlled by the same command and control (C&C) server do.
Stealing cookies
The first Trojan acquires root rights on a victim’s device and this allows an attacker to transfer cookies from Facebook to their own servers. However, simply having a user’s ID number is not enough to take control of an account in some circumstances. For instance, some websites have security measures in place that prevent suspicious log-in attempts.
This is where the second Trojan comes into play as it is a malicious app which can run a proxy server on a victim’s device to bypass security measures to gain access without arousing suspicion. This allows an attacker to pose as the victim and take control of their social networking accounts to distribute undesirable content.
At this time, the aim of the cybercriminals stealing user’s cookies is unknown but a page uncovered on the same C&C server may provide a hint. The page advertises services for distributing spam on social networks and messengers which means that attackers could be looking for account access as a means to launch widespread spam and phishing attacks.
Malware analyst at Kaspersky, Igor Golovin explained in a press release that while new, this threat will likely continue to grow, saying:
“By combining two attacks, the cookie thieves discovered a way to gain control over their victims’ accounts without arousing suspicions. While this is a relatively new threat—so far, only about 1000 individuals have been targeted—that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect. Even though we typically don’t pay attention to cookies when we’re surfing the web, they’re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention.”
