March 16, 2020 By David Bisson 2 min read

Researchers spotted a new cookie-stealing Trojan called “Cookiethief” that is targeting users’ social media accounts and browsers.

Kaspersky Lab observed that the primary aim of the malware, which they detected as Trojan-Spy.AndroidOS.Cookiethief, was to gain root privileges on a victim’s Android device. The cookie-stealing malware then leveraged that level of access to transfer cookies employed by the user’s browser and Facebook account to a command-and-control (C&C) server under the attacker’s control. It did so not by exploiting a vulnerability in either Facebook or the browser. Instead, it connected with a backdoor installed on the same device and used it to execute commands.

To avoid raising red flags with Facebook, Cookiethief employed Trojan-Proxy.AndroidOS.Youzicheng to run a proxy on the victim’s device. This step helped the malware bypass security solutions on the social network by disguising the attacker’s request as one from a legitimate user account.

Social Media Cookie Stealers Aplenty

Cookiethief is not the first malware to target social media users’ cookies. Back in April 2018, for instance, Radware detected an attack campaign that relied on a malware family called “Stresspaint” to infect 40,000 users and steal tens of thousands of Facebook user credentials/cookies within a matter of days. In December 2019, Naked Security reported on a threat called “AdKoob” that dug into a victim’s browser database of cookies for the purpose of looking up their ad spending on Facebook.

Defend Against Cookie-Stealing Trojans

Stealing a user’s cookies is no joke. Web services like Facebook leverage cookies to store a unique session ID on a victim’s device. That session ID can permit the user to regain access to their account without providing their login credentials. This means that, in the wrong hands, cookies can enable digital attackers to assume the identities of legitimate users and effectively bypass identity and access management (IAM) features such as multifactor authentication (MFA).

Threat actors can then leverage that disguise to conduct secondary attacks. In the case of Cookiethief, the attackers could have used a module to distribute spam on social networks and messengers, activity that could have hurt the victim’s reputation.

Acknowledging this activity, security professionals can help protect their organizations against a cookie-stealing Trojan like Cookiethief by using the latest threat intelligence to stay vigilant and aware of the malware threats targeting their users. Companies should also augment the strength of their IAM program by investing in a modern system that extends across an organization’s entire IT infrastructure, including the cloud.

More from

Change Healthcare discloses $22M ransomware payment

3 min read - UnitedHealth Group CEO Andrew Witty found himself answering questions in front of Congress on May 1 regarding the Change Healthcare ransomware attack that occurred in February. During the hearing, he admitted that his organization paid the attacker's ransomware request. It has been reported that the hacker organization BlackCat, also known as ALPHV, received a payment of $22 million via Bitcoin.Even though they made the ransomware payment, Witty shared that Change Healthcare did not get its data back. This is a…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

How I got started: AI security researcher

4 min read - For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) systems. Their responsibilities vary, but key roles include identifying and analyzing potential security flaws in AI models and developing and testing methods malicious actors could…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today