Android smartphone and tablet owners have been warned about a worrisome new strain of malware found “in the wild” – which means that cyber crooks are already deploying it online. In a nutshell, the new digital infection steals users’ authentication cookies from web browsers and other apps, including the likes of Facebook. Sensitive information is then transferred from the compromised device to the hackers’ servers.
Cookies are small chunks of information designed to improve your browsing experience online – they are what allow websites to remember who you are and serve up personalised recommendations, remember your previous searches so you don’t have to, and more. Cookies are also used to target advertisements based on your browsing history.
It’s also cookies that allow your account to stay signed in to a website or online service, so you don’t have to log in every time you visit a site.
And it’s this particular behaviour that the new malware strain – aptly dubbed CookieThief by the Kaspersky researchers who uncovered it – aims to exploit to steal your personal information. According to the researchers, hackers are able to siphon off cookie data to gain unauthorised access to your online accounts behind your back. To do this, the hackers won’t even need to know your password.
The crooks will be logged in automatically, just as you are whenever you navigate to one of your favourite sites on your home computer.
“A cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain,” the researchers said. “This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself. Malware could steal cookie files of any website from other apps in the same way and achieve similar results,” they added.
Kaspersky doesn’t know exactly how this malware spreads. However, the researchers have theorised that cyber crooks could install the malicious code on the smartphone or tablet before purchase. It could also be installed on your device by exploiting vulnerabilities in the Android operating system when downloading malicious applications.
This is why it’s so important to ensure you’re running the latest available version of Android since Google regularly patches these types of vulnerability in its updates.
Facebook already has a number of measures in place to block any suspicious login attempts – such as those from locations, devices, or brands of web browser that it does not recognise. For example, if you’ve never logged into your Facebook account from Australia before, that is going to be flagged as suspicious by Facebook.
However, what makes CookieThief so clever – and therefore, so worrying – is that hackers have found a way to create a proxy server on the infected device to impersonate the location, web browser, and more so that the login attempt from the hackers looks legitimate.
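To make the last two paragraphs concrete, here is a simplified sketch of a "have we seen this context before?" check. It is an added example, not Facebook's or Kaspersky's code. The class names, signal names and sample values are all constructed for illustration, and treating the relayed request as matching all three signals is an assumption based on the article's "and more".

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class LoginContext:
    country: str    # derived from the source IP address
    device_id: str  # device identifier the service has on record
    browser: str    # browser family parsed from the User-Agent header

@dataclass
class AccountHistory:
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    browsers: set = field(default_factory=set)

    def remember(self, ctx: LoginContext) -> None:
        """Record a context the genuine owner has used."""
        self.countries.add(ctx.country)
        self.devices.add(ctx.device_id)
        self.browsers.add(ctx.browser)

def unrecognised_signals(history: AccountHistory, ctx: LoginContext) -> list:
    """Return the signals in ctx that were never seen for this account."""
    flags = []
    if ctx.country not in history.countries:
        flags.append("location")
    if ctx.device_id not in history.devices:
        flags.append("device")
    if ctx.browser not in history.browsers:
        flags.append("browser")
    return flags

def is_suspicious(history: AccountHistory, ctx: LoginContext) -> bool:
    """A request carrying a valid cookie is flagged if any signal is new."""
    return bool(unrecognised_signals(history, ctx))

if __name__ == "__main__":
    # Constructed sample data: the owner normally uses one phone in the UK.
    history = AccountHistory()
    history.remember(LoginContext("GB", "phone-1", "Chrome Mobile"))

    # A copied cookie presented from an unfamiliar context is flagged.
    direct = LoginContext("AU", "desktop-9", "Firefox")
    print("direct :", unrecognised_signals(history, direct))

    # The same cookie relayed through a proxy on the owner's phone reaches
    # the service with the owner's usual context (assumed to match all three
    # signals), so this check alone raises nothing.
    relayed = LoginContext("GB", "phone-1", "Chrome Mobile")
    print("relayed:", unrecognised_signals(history, relayed))
```

The second result is the gap the researchers describe: a check built only on location, device and browser has nothing new to react to when the request is relayed through the owner's own device.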