<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>

Facebook Hijacked, Yet Again

16 Mar, 2020
Facebook Hijacked, Yet Again

Facebook has been hit yet again in the wild.

A new simple yet extremely risky strain of Android malware has been discovered which steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the corrupted devices.

It has been named as "Cookiethief" by Kaspersky researchers.

This Trojan operates by acquiring super user root rights on the target device and subsequently transfers stolen cookies to a remote command-and-control (C2) server operated by attackers.

"This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

Cookies are tiny bits of data that are often used by websites to distinguish one user from another, offer continuity around the web, track browsing sessions over different websites, serve personalized content, and strings related to targeted advertisements.

Cookie thief targets to exploit the way in which cookies on a device allow users to stay logged in to a service without needing to repeatedly sign in to let attackers corrupt and consume an online user's account without requiring knowing the particular password of that account.

"This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter's account for personal gain," the researchers said.

Kaspersky theorizes multiple ways in which Trojan could seize the device — including installing such malware in the device firmware before purchase, or by exercising bugs in the operating system to download malicious applications.

On the device getting corrupted, the malware connects to a backdoor, named 'Bood,' placed on the same smartphone to execute "superuser" commands that favor cookie theft.

To be save such attacks it's advisable users block third-party cookies on the phone's browser, clear the cookies regularly and visit websites using private browsing mode.

ISOEH is the organization which teaches effective techniques of preventing digital data theft.

Read for more stories on hacking.

Read Other Breaking News

Read All Breaking News »

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details