Security experts from Kaspersky recently discovered Android Trojan that was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.
“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy
The package name of the Cookiethief Trojan (
The malware doesn’t exploit any flaw in the Facebook app or the browser, the researchers explained that the malicious code achieves root privileges by connecting with another backdoor installed on the smartphone, then passes it a shell command for execution.
The backdoor, tracked as Bood, is located at the path /system/bin/.bood, it launches a local server and executes the command that the passed by the Cookiethief malware.
The analysis of the command and control (C&C) server revealed the presence of a page that advertises services for sending spam on social networks and messengers, a circumstance that suggests the motivation between the development of this malware.
“How can stealing cookies be dangerous? Besides various settings, web services use them to store on the device a unique session ID that can identify the user without a password and login.” continues Kaspersky. “This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain.”
“By combining these two attacks,
The researchers believe that
“As a result, a persistent backdoor like Bood, along with the auxiliary programs Cookiethief and Youzicheng, can end up on the device,” Kaspersky concludes.