A dangerous new piece of malware, which security researchers have named Cookiethief, is designed by malicious agents to steal cookies from the browser and the Facebook app by gaining root access on Android devices.
Attacker access to cookies is particularly dangerous, because web services use them to store a unique session identifier on the device that can identify the user without a password and login.
Cookiethief targets the browser and the Facebook app, but it could steal cookies for any site from other applications in the same way.
Security researchers believe that Cookiethief is probably linked to known Trojans such as Sivu, Triada and Ztorg.
A persistent backdoor such as Bood, along with the Cookiethief and Youzicheng utilities, can invade a device.
Cookiethief infection process
Initially, a Cookiethief package named com.lob.roblox is downloaded to the Android device. Its name resembles that of the Roblox Android gaming client (com.roblox.client), but it has nothing to do with it.
The malware then connects to a backdoor installed on the same smartphone and passes it a shell command to execute. As a result, a backdoor named Bood is dropped at the path /system/bin/.bood, where it runs a local server and executes commands received from Cookiethief.
This malicious application is believed to be used to bypass the security system of the messenger or social network by running a proxy server on the victim's device to avoid detection, so that a request to the site looks like a request from a legitimate account.
To apply this method, an executable file is first downloaded and run on the target device.
Malicious agents use these two attacks to evade detection by Facebook, and the attacker can launch the attack.
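The package name and backdoor path given above can be checked on a device under investigation. The following is an added example, not code from the researchers or the original article: it triages saved output of `adb shell pm list packages` and `adb shell ls -a /system/bin`. The sample inputs are constructed, and flagging other hidden files in /system/bin is an assumption of this example.

```python
# Added example: triage saved adb output for the indicators named in the article.
KNOWN_BAD_PACKAGES = {"com.lob.roblox"}  # Cookiethief package name (from the article)
KNOWN_BAD_FILES = {".bood"}              # Bood backdoor at /system/bin/.bood (from the article)

def parse_packages(pm_output):
    """Parse `pm list packages` output, whose lines look like 'package:com.example'."""
    prefix = "package:"
    return {
        line.strip()[len(prefix):]
        for line in pm_output.splitlines()
        if line.strip().startswith(prefix)
    }

def triage(pm_output, system_bin_listing):
    """Return a sorted list of (kind, value, reason) findings."""
    findings = []
    for pkg in sorted(parse_packages(pm_output) & KNOWN_BAD_PACKAGES):
        findings.append(("package", pkg, "matches Cookiethief package name"))
    names = {n.strip() for n in system_bin_listing.splitlines() if n.strip()}
    for name in sorted(names - {".", ".."}):
        path = "/system/bin/" + name
        if name in KNOWN_BAD_FILES:
            findings.append(("file", path, "matches Bood backdoor path"))
        elif name.startswith("."):
            # Assumption of this example: hidden files here are unusual and worth review.
            findings.append(("file", path, "hidden file in /system/bin, review"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE_PM = """package:com.android.chrome
package:com.facebook.katana
package:com.lob.roblox
package:com.roblox.client
"""
SAMPLE_BIN = """.
..
.bood
app_process
sh
toybox
"""

if __name__ == "__main__":
    for kind, value, reason in triage(SAMPLE_PM, SAMPLE_BIN):
        print(f"[{kind}] {value}: {reason}")
```

The genuine client com.roblox.client is deliberately not flagged; only the exact look-alike name from the article is.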