
Cookiethief

Posted: March 13, 2020

Cookiethief is an Android Trojan that hijacks Facebook accounts by stealing their cookies and disguising its data access requests as legitimate ones. Accounts under its control may distribute unsafe content, such as links to scams or other threats. Users should let appropriate anti-malware products protect their device by removing Cookiethief along with the Bood backdoor Trojan, which is a significant secondary component of infections.

All that's Wrong with a Little Cookie Thievery

The evolution of phones comes with downsides as well as advantages, which threat actors are showing off readily with the new Cookiethief. With an infection tally at a thousand and climbing, Cookiethief is making headway into the social media space by taking over accounts without their owners' consent. Although the goals of its campaign aren't known, malware experts consider the further distribution of harmful software quite likely.

Cookiethief gains root access to the device during its initial setup and establishes control over the device with a secondary component: Bood, a backdoor Trojan. Bood executes commands that it receives from the Cookiethief C&C server, including the collection of cookies. Cookies are small, temporary pieces of data that websites and services save for 'remembering' user profiles and logged-in sessions.

Stolen cookies alone are not enough to hijack an account. However, Cookiethief also creates a proxy that makes its access requests appear legitimate, potentially letting it take over the accounts whose cookies it compromises. Although malware experts stress that the attack applies to many services, current Cookiethief configurations favor Facebook users especially.

Swatting Cookiethief Out of Your Cookie Jar

Cookiethief's Command & Control features reveal the potential for a far greater scope of attacks than its campaign is leveraging at present. Nonetheless, losing control over one's Facebook account is a significant inconvenience and privacy hazard, not just for the affected user, but for all of their Facebook contacts. Cookiethief is specific to Android devices, but hijacked Facebook accounts may endanger users on other operating systems, such as Windows desktops, by promoting obfuscated links that lead to drive-by-download exploits or social engineering tactics.

The channels of Cookiethief's distribution have not yet been examined extensively by the cyber-security sector and may include various options, but they don't imply any ongoing vulnerability in Facebook or the victims' Web browsers. Android users should watch for potentially threatening applications, even in official stores, and avoid downloading new files without verifying their safety first. Most threats are detectable before executing, as long as the user's anti-malware services have their latest databases.

Disinfecting devices requires, again, traditional anti-malware programs for uninstalling Cookiethief and the Bood backdoor Trojan before taking any follow-up safety steps. Users should strongly consider resetting passwords and answers to security questions for all accounts at risk.

Cookiethief's numbers are small, but it's just getting started. With an infrastructure that suggests contact with supporting threats like Ztorg and Sivu, its threat actors know what they're doing, and which part of the social Web they want to camp in.
