A new simple but dangerous strain of Android malware has been found in the wild that steals users’ authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Dubbed “Cookiethief” by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers.
“This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself,” Kaspersky researchers said. “Malware could steal cookie files of any website from other apps in the same way and achieve similar results.”
Cookiethief: Hijacking Accounts Without Requiring Passwords
Cookies are small pieces of information that’s often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different websites, serve personalized content, and strings related to targeted advertisements.
Given how cookies on a device allow users to stay logged in to a service without having to repeatedly sign in, Cookiethief aims to exploit this very behavior to…