INSUBCONTINENT EXCLUSIVE:
Researchers at Kaspesky have discovered two new Android malware modifications that, when combined, can steal cookies collected by user's
browsers and social media apps to allow an attacker to discreetly gain control over a victim's accounts.Cookies are small pieces of data
collected by websites in order to track a user's activity online to create personalized experiences in the future
In the wrong hands though, they can pose a security risk because cookies use a unique session ID that identifies users without requiring a
password or login.Once in possession of a user's ID, attackers can trick websites into thinking that they are that person and take control
This is exactly what these two new Trojans with similar coding controlled by the same command and control (C-C) server do.The first Trojan
acquires root rights on a victim's device and this allows an attacker to transfer cookies from Facebook to their own servers
However, simply having a user's ID number is not enough to take control of an account in some circumstances
For instance, some websites have security measures in place that prevent suspicious log-in attempts.This is where the second Trojan comes
into play as it is a malicious app which can run a proxy server on a victim's device to bypass security measures to gain access without
This allows an attacker to pose as the victim and take control of their social networking accounts to distribute undesirable content.At this
time, the aim of the cybercriminals stealing user's cookies is unknown but a page uncovered on the same C-C server may provide a hint
The page advertises services for distributing spam on social networks and messengers which means that attackers could be looking for account
access as a means to launch widespread spam and phishing attacks.Malware analyst at Kaspersky, Igor Golovin explained in a press release
