Sunday, January 24, 11:36
Cookiethief malware steals application cookies

Security researchers have discovered a dangerous new piece of malware, called Cookiethief, which malicious actors designed to steal cookies from the browser and the Facebook app by gaining root access on Android devices.

Attacker access to cookies is particularly dangerous, because web services use them to store on the device a unique session identifier that can identify the user without a password and login.

Cookiethief targets the browser and the Facebook app, but it could steal cookies for any site from other applications in the same way.

Security researchers believe that Cookiethief is probably linked to known Trojans such as Sivu, Triada and Ztorg.

A persistent backdoor such as Bood, along with the Cookiethief and Youzicheng utilities, can invade a device.

Cookiethief infection process

Initially, the Cookiethief package, com.lob.roblox, is downloaded to the Android device. Its name resembles that of the Roblox Android gaming client (com.roblox.client), but it has nothing to do with it.

The malware then connects to a backdoor installed on the same smartphone and passes it a shell command to execute. As a result, a backdoor named Bood, dropped at the path /system/bin/.bood, runs a local server and executes commands received from Cookiethief.

The malicious application is believed to be used to bypass the security systems of a messenger or social network: it uses a proxy server on the victim's device to avoid detection, so that a request to the site looks like a request from a legitimate account.

To apply this method, an executable file is first downloaded and run on the target device.

Malicious actors use these two attacks to evade detection by Facebook, and the attacker can launch the attack.
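The two indicators the article names, the com.lob.roblox package and the /system/bin/.bood path, can be checked against a device's package list and directory listing. The triage script below is an added example, not code from the researchers or from this article; it assumes input in the format of `pm list packages` and `ls -a /system/bin`, and the allow-list, the generic-label set and the sample output are constructed for illustration.

```python
import re

# Indicators taken from the article.
IOC_PACKAGES = {"com.lob.roblox"}
IOC_PATHS = {"/system/bin/.bood"}
# Assumptions: packages expected on the device; labels too generic to be a brand.
KNOWN_GOOD = {"com.roblox.client", "com.facebook.katana"}
GENERIC = {"com", "org", "net", "android", "client", "app"}

def parse_packages(pm_output):
    """Names from `pm list packages [-f]` lines: package:[<apk path>=]<name>."""
    return re.findall(r"^package:(?:.*=)?([\w.]+)[ \t]*$", pm_output, re.M)

def brand_labels(package):
    return set(package.split(".")) - GENERIC

def lookalike_of(package):
    """Known-good package whose brand label this unlisted package reuses."""
    if package not in KNOWN_GOOD:
        for good in sorted(KNOWN_GOOD):
            if brand_labels(package) & brand_labels(good):
                return good
    return None

def triage(pm_output, ls_output, directory="/system/bin"):
    findings = []
    for pkg in parse_packages(pm_output):
        if pkg in IOC_PACKAGES:
            findings.append(("ioc", pkg))
        elif lookalike_of(pkg):
            findings.append(("lookalike", f"{pkg} ~ {lookalike_of(pkg)}"))
    for name in ls_output.split():
        path = f"{directory}/{name}"
        if path in IOC_PATHS:
            findings.append(("ioc", path))
        elif name.startswith(".") and name not in {".", ".."}:
            findings.append(("hidden-file", path))  # assumption: stock images keep no dot-files here
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE_PM = """package:com.roblox.client
package:/data/app/x1/base.apk=com.lob.roblox
package:com.facebook.katana
package:com.roblox.clientt
"""
SAMPLE_LS = ". .. .bood app_process sh toybox"

if __name__ == "__main__":
    print(*triage(SAMPLE_PM, SAMPLE_LS), sep="\n")
```

The "lookalike" and "hidden-file" results are leads for manual review rather than verdicts; only the "ioc" results match values stated in the article.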

Absent Mia (https://www.secnews.gr)