A new malware called “ Cookiethief ” has been identified, according to Kaspersky's analysis lab. The operating system affected by this malware is the Android operating system. As the malware name suggests, its main activity is to steal cookies from the victim's mobile phone. Among the most important targets of this malware are cookies related to web browser and Facebook app. The malware sends them to its server after accessing these cookies.
Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different websites, serve personalized content, and strings related to targeted advertisements.
The attacker can access the victim's accounts by accessing this stolen information without having a password. After accessing these accounts, the attacker uses this access to send out promotional messages, infected links, and phishing attacks on social networks and messengers.
Although some sites and applications have security mechanisms in place to detect users' unusual behavior, the malware breaks through these security mechanisms by implementing a new approach. For example, if a user changes their geographic location, they will have to re-enter their password to Login into site or app. Despite this mechanism, it is not possible to login into the account only with the victim's cookies. To fix the problem, the malware has turned the victim's mobile into a proxy server to perform malicious activity through the victim's mobile phone and impersonate victim's identity. By doing so, none of the security mechanisms designed, involved, and the attacker have complete control over the victim's accounts without any suspicious behavior. Install required software from reliable sources like Google Play
- Disable Third-party Cookies
- Clearing and deleting cookies at specified and short intervals
- Use sites in Private Browsing or Incognito mode