Cybersecurity experts at Kaspersky Lab have identified two new malware that, when paired, can steal cookies stored in mobile browsers and social networking applications. Cookie theft allows attackers to take control of victims' social media accounts in order to send messages on their behalf.
The first malware is a Trojan program that, after getting onto the victim's device, obtains root rights that give access to the data of all installed applications. It is also used to send detected cookies to a server controlled by attackers.
However, cookies do not always allow you to take control of the victim's accounts. Some websites prevent suspicious login attempts. The second Trojan is used in such cases. It is able to launch a proxy server on the victim's device. This approach allows you to bypass security measures and log into the victim's account without arousing suspicion.
The report notes that both Trojans do not exploit browser or social network client vulnerabilities. New Trojans can be used by attackers to steal cookies stored on any website. At the moment, it is not known for what purpose the theft of cookies is carried out. It is assumed that this is being done to further provide services for the distribution of spam in social networks and instant messengers. Most likely, the attackers are trying to gain access to other people's accounts in order to organize a large-scale campaign to send spam or phishing messages.
“By combining the two types of attacks, attackers have found a way to take control of user accounts without arousing suspicion. This is a relatively new threat, so far no more than a thousand people have been exposed to it. This number is growing and will most likely continue to grow, given that it is difficult for websites to detect such attacks,” comments Igor Golovin, virus analyst at Kaspersky Lab.
Kaspersky Lab recommends that users avoid downloading applications from untrusted sources, update device software in a timely manner, and regularly scan the system for infections in order to avoid becoming a victim of such malware.
Source: 3dnews.ru