Security News > 2020 > March > Trojan Raids Android Users’ Cookie Jars
Their tastes however can run to a different sort of cookie, as evidenced by a fresh strain of Android malware that may be implanted prior to users purchasing a device.
Appropriately dubbed "Cookiethief" by the Kaspersky researchers who discovered it, the trojan has a straightforward goal: "Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals' server," explained Kaspersky researchers Anton Kivva and Igor Golovin, in an analysis on Thursday.
"As a result, a persistent backdoor like Bood, along with the auxiliary programs Cookiethief [and others], can end up on the device," according to the researchers, who added that they have seen both tactics being used before by related malware.
Cookiethief doesn't have carte blanche to raid the cookie jar - cookie-based instant access to accounts is blocked by Facebook and other services if a user's activity is deemed atypical - such as logging in from a new device or location.
The malware authors apparently have anticipated this hurdle though: Another app on the same C2 server, dubbed Youzicheng, can be used to run a proxy on the victim's device.