In the recent past, Kaspersky technicians issued stern security warning over malware modification combinations of two android trojans that could get access to internet users’ cookies and control their browsing.
Malware modification combinations ‘fish’ crypto accounts logins
The researchers indicate that once the two malware modification combinations are used together, they enable hackers to steal cookies gathered from victim’s browsing on social media. Thereafter, the hackers have complete access of the users’ accounts and manipulate the content and infect the victim’s system.
Cookies are bits of information that are gathered by websites in order to determine what users are browsing for better and customized browsing experience in the future.
Moreover, cookies are utterly harmless though they are a nuisance to some internet users. However. Cookies can be a source of great risk while on the hackers‘ hands since they are critical in the identification of users without the need for their login data.
Once the hackers get control to the users‘ cookies, they cheat the browsing website to think they could be the original users, gaining access to their accounts. That is the reason the malware hackers created the two malware modification combinations in order for them to get user accounts. The first malware acquires the rooting rights on victims’ devices which allows them to transfer cookies to their own servers.
Scattered evidence points towards phishing attacks
Websites currently have security interventions that obstruct criminal activity by identification of the login data from other devices and ticking them as abnormal. Mostly, crypto hackers look for logins to online cryptocurrency accounts where they steal crypto deposits from unsuspecting victims. Now, the second malware is for bypassing these security protocols as it executes a proxy server on the gadget of the victim.
Hackers pose as original users and therefore, hijack networking accounts to distribute any content of their own will. The purpose behind this heinous activity is yet to be identified by the researchers although scattered evidence points towards phishing attacks.
Experts suggest in solving the problem to block third-party cookies, erasing them from the system altogether and using security interventions to protect users browsing a website.