There’s a new malware threat to be aware of, called “CookieThief,” an apt name for what the malware does. Honestly though, the hackers missed the mark here. “CookieMonster” would have been a much better name.
In any case, it’s part of a new and growing collection of malware strains that are able to steal browser and app cookies from infected devices.
It was discovered by Kaspersky Labs, although the researchers tracking the new strain say that they’re not yet sure how the malware made its way onto infected devices in the first place.
In all, the company is tracking slightly more than a thousand infections, though that number is increasing by the day. In the cases that the researchers have investigated deeply, Facebook cookies appear to be of prime interest to the hackers, allowing them to gain account access and track user movements across the social media platform.
The Kaspersky team stressed that there is no particular security flaw or vulnerability that the hackers behind the code are exploiting. The researchers are simply pointing out where the hackers’ main area of interest appears to be. During their analysis, the group found a fork of the code. It is similar but with a few distinct differences. The forked code launches a proxy on the infected device that makes access requests appear legitimate.
The researchers had this to say about the forked code:
“By combining these two attacks, cyber criminals can gain complete control over the victim’s account and not raise suspicion from Facebook. From there, the criminals can pose as the victim and take control of their social networking account to distribute undesirable content.”
While such a Trojan could be put to many more destructive uses, the main goal of the hackers in this case appears to be to use compromised accounts to spread fake news stories. Even so, it’s something to be on alert for, as it would be easy to modify it to make it much more destructive.