Do you often browse Facebook on your Android device?

There's a new malware threat to be aware of, called "CookieThief," which is an apt name that describes what the malware does. Honestly, the hackers missed the mark here. "CookieMonster" would have been a much better name option.

In any case, it's part of a growing new collection of malware strains that is able to steal browser and app cookies from infected devices.

It was discovered by Kaspersky Lab. Although the researchers tracking the new strain say that they're not yet sure how the malware made its way onto infected devices in the first place.

In all, the company is tracking slightly more than a thousand infections, though that number is increasing by the day. In the cases that the researchers have investigated deeply, Facebook cookies appear to be of prime interest to the hackers, allowing them to gain account access and track user movements across the social media platform.

The Kaspersky team stressed that there is no particular security flaw or vulnerability that the hackers behind the code are exploiting. They're simply pointing out where their main area of interest appears to be. During their analysis, the group found a fork of the code. It is similar but with a few distinct differences. The forked code launches a proxy on the infected device that makes access requests appear legitimate.

The researchers found forked code

"By combining these two attacks, cybercriminals can gain complete control over the victim's account and not raise suspicion from Facebook. From there, the criminals can pose as the victim and take control of their social networking account to distribute undesirable content."

Our perspective

While there are many more destructive uses that such a Trojan could be used for, the main goal of the hackers, in this case, appears to be to use compromised accounts to spread fake news stories. Even so, it's something to be on alert for, as it would be easy to modify it to make it much more destructive.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~


Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association