“Kaspersky lab” reported about new malware that steals cookies on devices with Android

«Лаборатория Касперского» сообщила о новых зловредах, крадущих cookie-файлы на устройствах с Android

The specialists of “Kaspersky Lab” working in the field of information security, has identified two new malware, which, working in tandem, can steal cookies stored in your browsers and social networking apps. Stealing cookies allows attackers to take control of the accounts of the victims on social networks, to on their behalf to send notices.

First the malware is a Trojan program that after being hit on the victim device receives root access, giving access to all installed applications. It is also used to send to attacker-controlled server discovered cookies.

However, not always cookies allow you to take control of the accounts of the victim. On some web sites prevented a suspicious attempt of login. The second Trojan used in such cases. It is able to run a proxy server on the device of the victim. This approach allows you to bypass security measures and log in to the account of the victim without arousing suspicion.

The report notes that both Trojans exploit browser vulnerabilities or customer’s social network. A new Trojan program can be used by hackers to steal cookies that are stored on any web site. Unknown at this time what purpose is the theft of cookies. It is assumed that this is to continue to provide services for the dissemination of spam in social networks and messengers. Most likely, the attackers try to access other accounts for the organization of the company to send spam or phishing messages.

By combining two types of attacks attackers have found a way to gain control over users ‘ accounts without arousing suspicion. This is a relatively new threat, yet she had been no more than a thousand people. This number is growing and likely will continue to grow, given that the web sites difficult to detect such attacks, “- says Igor Golovin, a virus analyst “Kaspersky Lab”.

“Kaspersky’s laboratory” recommends to users not to download apps from unverified sources, in a timely manner to update device software and regularly scan the system for infections, not to become a victim of such malicious programs.