Two forms of malware working together to compromise devices

Mar 16, 2020 06:25 GMT

Security vendor Kaspersky has come across two new forms of malware which can compromise an Android device in order to take control of social accounts, such as those on Facebook.

According to a release from Kaspersky, the new pair of malware infections is designed to give attackers access to social accounts, possibly in order to conduct widespread spam and phishing campaigns.

The two infections work together and compromise devices in stages.

First, one form of malware tries to obtain root rights on the device; with those rights, the cybercriminals can extract Facebook cookies and upload them to a server they control.

“However, oftentimes, simply having the ID number isn’t enough to take control of an account. Some websites have security measures in place that prevent suspicious log-in attempts—say, for example, a user previously active in Chicago attempts to log in from Bali just a few minutes later,” Kaspersky says.

Then, the second Android Trojan sets up a proxy server on the compromised device. By routing their traffic through the victim's own device, the malicious actors bypass security measures of this kind and can go online with the stolen cookies to use the victim's social accounts.
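As an added illustration (not Kaspersky's code or part of the original article), here is the kind of server-side impossible-travel check the Chicago/Bali example describes, run over constructed login events: the stolen cookie replayed directly from another country trips it, while the same cookie replayed through a proxy on the victim's own device does not, which is the gap the second Trojan exploits. The IP-to-location table, timestamps and speed threshold are assumptions made for the example.

```python
"""Impossible-travel check over session-cookie reuse (added example, constructed data)."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed geolocation table standing in for a real IP-geolocation database.
GEO = {
    "203.0.113.10": (41.8781, -87.6298),   # victim's phone, Chicago
    "198.51.100.7": (-8.4095, 115.1889),   # attacker's machine, Bali
}

# Assumed threshold: faster than any commercial flight counts as implausible.
MAX_PLAUSIBLE_KMH = 1000.0


@dataclass
class Login:
    ts: int          # Unix seconds
    ip: str          # client IP as seen by the web server
    cookie_id: str   # session cookie presented with the request


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def is_suspicious(prev: Login, cur: Login) -> bool:
    """True when the same cookie reappears from a place it could not have
    physically reached in the elapsed time; unrelated sessions are ignored."""
    if prev.cookie_id != cur.cookie_id:
        return False
    hours = max(cur.ts - prev.ts, 1) / 3600.0
    return haversine_km(GEO[prev.ip], GEO[cur.ip]) / hours > MAX_PLAUSIBLE_KMH


def evaluate(events):
    """Verdict for each consecutive pair of logins in a timeline."""
    return [is_suspicious(events[i - 1], events[i]) for i in range(1, len(events))]


# Constructed timelines: the victim is active in Chicago, and the stolen cookie is
# replayed five minutes later, once directly from Bali and once through a proxy
# running on the victim's phone (so the server sees the victim's own IP).
EVENTS_DIRECT = [Login(1_584_000_000, "203.0.113.10", "c0ffee"),
                 Login(1_584_000_300, "198.51.100.7", "c0ffee")]
EVENTS_PROXIED = [Login(1_584_000_000, "203.0.113.10", "c0ffee"),
                  Login(1_584_000_300, "203.0.113.10", "c0ffee")]
```

Because the proxied replay is indistinguishable from the victim by IP alone, a check like this needs additional signals (device or client fingerprint, cookie binding) to catch it.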

How to protect your device

The good news is that only a few people have been compromised by Cookiethief so far, but this method of compromising Android devices could become more common shortly.

“By combining two attacks, the cookie thieves discovered a way to gain control over their victims’ accounts without arousing suspicions,” says Igor Golovin, malware analyst at Kaspersky.

“While this is a relatively new threat—so far, only about 1000 individuals have been targeted—that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect. Even though we typically don’t pay attention to cookies when we’re surfing the web, they’re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention.”

Always downloading apps from trusted sources, blocking third-party cookie access and periodically clearing cookies are three ways to stay secure against these attacks.