Cookie-stealing Android trojan likely used for spam distribution campaign

Who stole the cookie from the cookie jar? It’s Cookiethief, a newly discovered Android trojan that gains root access to devices and exfiltrates browser and Facebook app cookies to a malicious server.


Attackers typically use stolen cookies to impersonate victims and access their online accounts without authorization. In this instance, researchers believe the culprits are using the cookies for a spam scheme. That assessment is based on an investigation of the attackers’ command-and-control server, which turned up a page that advertises services for distributing spam on social networks and messenger apps.


The campaign appears to be in its early stages, with fewer than 1,000 known victims, according to a Thursday blog post from Kaspersky, whose research team discovered the threat.


“To execute superuser commands, the malware connects to a backdoor installed on the same smartphone and passes it a shell command for execution,” states the report, authored by Kaspersky researchers Anton Kivva and Igor Golovin. “The backdoor Bood, located at the path /system/bin/.bood, launches the local server and executes commands received from Cookiethief.”


The researchers also uncover ..