Cookie-stealing Android trojan likely used for spam distribution campaign


Who stole the cookie from the cookie jar? It’s Cookiethief, a newly discovered Android trojan that gains root access to devices and exfiltrates browser and Facebook app cookies to a malicious server.

Attackers typically use stolen cookies to impersonate victims and access their online accounts without authorization. In this instance, researchers believe the culprits are using the cookies for a spam scheme, based on an investigation of the attackers’ command-and-control server, which turned up a page advertising services for distributing spam on social networks and messenger apps.

The campaign appears to be in its early stages, with fewer than 1,000 known victims, according to a Thursday blog post from Kaspersky, whose research team discovered the threat.

“To execute superuser commands, the malware connects to a backdoor installed on the same smartphone and passes it a shell command for execution,” states the report, authored by Kaspersky researchers Anton Kivva and Igor Golovin. “The backdoor Bood, located at the path /system/bin/.bood, launches the local server and executes commands received from Cookiethief.”

The researchers also uncovered a second malicious app, Youzicheng, which the attackers are apparently using to run a proxy on victims’ devices in order to circumvent the security mechanisms of social networks or messenger services that might otherwise flag spam activity.

“By combining these two attacks, cybercriminals can gain complete control over the victim’s account and not raise a suspicion from Facebook,” the blog post states.

It is currently unknown precisely how victims are infected, but Kaspersky notes that this kind of malware is often secretly installed in a device’s firmware prior to purchase, or it sneaks into system folders via operating system vulnerabilities. A browser or Facebook bug is not, however, to blame.


