Cookiethief Android Malware Hijacks Facebook Accounts Using Browser Cookies It Transfers to the Attacker’s C&C Server
Kaspersky Labs researchers have found a new strain of malware that targets Android devices. So far it has claimed around 1,000 victims, and the number grows with every passing day.
Dubbed Cookiethief by the researchers, this Trojan seeks to gather “superuser root rights at the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers,” researchers wrote in their blog post.
It is worth noting that the exploitation does not occur because of a security vulnerability within the web browser of the Facebook app, but because of the cookies. It is no secret that browsers store cookies from all of the websites and apps, and that cookies are a way to display relevant results as the user visits.
Cookies help differentiate among users, monitor browsing activity, and display ads. Basically, cookies are tiny bits of information. This Trojan takes the cookies that the browser or Facebook app uses and sends them to the attacker’s C&C server. The malware can steal cookies from all of the websites and apps without any difficulty.
The reason Cookiethief is a cause for concern is that, apart from storing information about the user’s browsing preferences, cookies also store a unique session ID on the device, which websites use to identify a user without requesting login information or a password.
With the cookies, cybercriminals can easily hijack the victim’s profile without acquiring a login ID or password and use the account for personal gain. On the C&C server, the researchers also identified a web page used for marketing spam distribution services on web messengers and social networks.
Kaspersky researchers also identified another app, dubbed “Youzicheng”, that uses a similar coding approach and communicates with the same C&C server. Its purpose is to run a proxy on the targeted device to bypass the security systems of the social network or web messenger, so that the attacker’s website request seems legitimate. It is assumed that the same developer is behind this app as well.
Furthermore, via the two strategies, attackers can fully control the account without alerting Facebook. Cookiethief can invade almost any device by being embedded into the firmware, during the development phase or even at the time of purchase. Otherwise, it could exploit Android OS flaws to access the system and download different malicious software, including the Bood backdoor.
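Added example (not from the researchers' blog post or this article): a toy session store in Python showing why a copied session ID is accepted without a password, how a server-side context check rejects and revokes it, and why a request that arrives through the victim's own device still matches that check. The `SessionStore` class, user name, addresses and user-agent strings are all constructed, and binding a session to IP address and user agent is a simplification of real risk checks.

```python
import secrets

class SessionStore:
    """Toy server-side session table; all names and values are constructed."""

    def __init__(self):
        self._sessions = {}  # session ID -> context recorded at login

    def login(self, user, ip, user_agent):
        # Password verification is assumed to have succeeded before this call.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "ip": ip, "ua": user_agent}
        return sid

    def authenticate(self, sid):
        # Cookie-only check: whoever presents the session ID is the user.
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def authenticate_bound(self, sid, ip, user_agent):
        # Context check: a mismatch revokes the session and forces a new login.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if (ip, user_agent) != (entry["ip"], entry["ua"]):
            del self._sessions[sid]
            return None
        return entry["user"]

def demo():
    victim = ("198.51.100.7", "ExampleApp/1.0 (Android)")  # constructed context
    elsewhere = ("203.0.113.9", "ExampleClient/2.0")       # constructed context
    store = SessionStore()
    results = {}
    sid = store.login("alice", *victim)
    # 1. Copied cookie, cookie-only check: accepted, no password involved.
    results["cookie_only"] = store.authenticate(sid)
    # 2. Same cookie presented from a different context: rejected and revoked.
    results["foreign_context"] = store.authenticate_bound(sid, *elsewhere)
    results["after_revocation"] = store.authenticate(sid)
    sid2 = store.login("alice", *victim)
    # 3. Request arriving via the victim's own device matches the recorded context.
    results["same_context"] = store.authenticate_bound(sid2, *victim)
    return results

if __name__ == "__main__":
    print(demo())
```

Case 3 is why server-side checks alone do not close the gap and why the device-side advice that follows still matters.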
Consequently, refrain from downloading apps from third-party app stores, install reliable anti-malware, and keep an eye on the permissions your apps ask for. The good news is that these apps aren’t available on the Play Store yet.