Security experts from Kaspersky recently discovered Android Trojan that was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.
“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy
The package name of the Cookiethief Trojan (
The malware doesn’t exploit any flaw in the Facebook app or the browser, the researchers explained that the malicious code achieves root privileges by connecting with another backdoor installed on the smartphone, then passes it a shell command for execution.
The backdoor, tracked as Bood, is located at the path /system/bin/.bood, it launches a local server and executes the command that the passed by the Cookiethief malware.
The analysis of the command and control (C&C) server revealed the presence of a page that advertises services for sending spam on social networks and messengers, a circumstance that suggests the motivation between the development of this malware.
“How can stealing cookies be dangerous? Besides various settings, web services use them to store on the device a unique session ID that can identify the user without a password and login.” continues Kaspersky. “This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain.”
“By combining these two attacks,
The researchers believe that
“As a result, a persistent backdoor like Bood, along with the auxiliary programs Cookiethief and Youzicheng, can end up on the device,” Kaspersky concludes.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.