A new Android Trojan horse virus called CookieThief that steals Facebook accounts using cookies has been spotted by researchers at Kaspersky Labs. Facebook is a gold mine for hackers. Not only do we share a lot of personal information that can be used against us in phishing attempts, but it’s also a great gateway to spreading other viruses and junk.
Someone who takes control of our Facebook account can easily share malicious links or documents without raising too much suspicion. This is why the new CookieThief virus is worrying, especially since it may have been installed before we even bought our phone.
The Android CookieThief Trojan seeks to steal your Facebook
The antivirus company Kaspersky Labs has published its discovery of the CookieThief Trojan. As its name implies, its purpose is to steal cookies. Cookies are mainly used for online advertising. For example, when you visit a travel site and then see its advertisements on other sites, that is the work of a cookie.
The catch is that cookies also identify us on the web and can let us connect to our account without a username and password. For example, if we close our Facebook tab in our browser and later want to browse Facebook again, we will never be asked to re-enter our password.
This is where the cookie comes into play, since it recorded our connection information in order to say to Facebook: “Ah, no need to ask me for access, look it was me who was there earlier with this access ID”. Cookies can remain in our browser for a long time. Some will stay there for 30 days, others up to 12 months!
CookieThief: a threat that mysteriously spreads
So back to the CookieThief Trojan. The latter affects a limited number of Android devices. Kaspersky Labs is talking about 1,000 devices so far, but they expect it to continue to grow.
Hidden in the device, it installs a root file in order to obtain the information that passes through our Android phone or tablet. Its specific purpose is to intercept and steal our cookies, more specifically our Facebook cookies.
Its mission is therefore to steal our Facebook cookies to connect to our account and disseminate spam and other malicious links. Facebook can normally notify us if it sees an unusual connection like this with a device that has never connected to our account.
Except that this Trojan horse has more than one trick up its sleeve: it uses another virus to circumvent Facebook’s defenses by making it believe that the connection takes place on one of our devices.
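To make the "unusual connection" check described above concrete, here is an added example (not from Kaspersky or Facebook, and not how Facebook actually implements it) that flags a session cookie arriving from a context other than the one it was first seen in. The field names device_id and network, the severity rule and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    session_id: str  # value of the session cookie (constructed sample)
    device_id: str   # hypothetical server-side device fingerprint
    network: str     # hypothetical coarse network label (carrier, ISP)
    path: str

def find_suspicious_reuse(requests):
    """Flag requests whose session cookie shows up in a context that differs
    from the one the cookie was first seen in.
    Returns a list of (request, changed_fields, severity)."""
    first_seen = {}  # session_id -> (device_id, network) at first use
    alerts = []
    for req in requests:
        context = (req.device_id, req.network)
        origin = first_seen.setdefault(req.session_id, context)
        if context == origin:
            continue
        changed = [name for name, old, new in
                   zip(("device_id", "network"), origin, context) if old != new]
        # Phones change networks all the time, so a network-only change is
        # low severity; a new device holding an existing cookie is not.
        severity = "high" if "device_id" in changed else "low"
        alerts.append((req, changed, severity))
    return alerts

# Constructed sample traffic, not real log data.
SAMPLE_REQUESTS = [
    Request("sess-A", "phone-1", "carrier-X", "/feed"),
    Request("sess-A", "server-9", "hosting-Z", "/share"),  # cookie on a new device
    Request("sess-B", "tablet-2", "home-isp", "/feed"),
    Request("sess-B", "tablet-2", "carrier-X", "/feed"),   # same device, roaming
    Request("sess-C", "phone-3", "carrier-Y", "/feed"),
    # Same context as the owner: this check cannot tell it apart from the
    # owner, which is the gap the article says the second malware exploits.
    Request("sess-C", "phone-3", "carrier-Y", "/share"),
]

if __name__ == "__main__":
    for req, changed, severity in find_suspicious_reuse(SAMPLE_REQUESTS):
        print(severity, req.session_id, req.path, "changed:", ", ".join(changed))
```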
What is all the more alarming is that Kaspersky Labs has not yet identified how the virus spreads, but does not rule out the idea that it is installed in the “firmware” of our devices.
The good news is that antivirus solutions, especially Kaspersky, will now be able to add this Trojan to their database in order to detect it.
Without protection, however, the risk remains. Especially since Facebook does not really offer a way to delete cookies in its mobile application, unlike our browsers, where we can do so by clearing our cache.