Kaspersky: Cookies can be stolen |
Kaspersky experts have discovered two new versions of modified malware for Android devices that can be used together to steal cookies collected by web browsers and popular applications from social networking site Facebook before Internet thieves secretly control the victim's account so that he can send a lot of malicious content.
Cookies are small pieces of data that are collected by a website and used to track users ’online activities to find experiences that match their interests.
Cookies (cookies) or cookies on the web are often a harmful nuisance. However, if it falls into the wrong hands, it could pose a risk to user safety because these cookies are stored on a website that uses unique functions. (Session ID) to identify future users without a password or username.
According to Kaspersky, cyber criminals who have a user identity can falsify the website and control the victim's account. This is exactly what these thieves did by developing two Trojans with similar encryption functions that run from the command server and control themselves.
The first Trojan horse gave access to the root system on the victim's computer, which allowed thieves to transfer cookies from Facebook platform to their own servers.
However, obtaining the ID alone is usually not sufficient to control another account, as security measures apply to some websites to prevent suspicious login attempts, for example b. Active users in Chicago trying to sign in. From Dubai after a few minutes.
This is Trojan's second role, which can run a proxy server on a victim's computer to bypass and access security measures without raising suspicion where criminals can come from. Control your social network accounts to post spam.
Although the ultimate goal of the thief cookie is still unknown, the page on the command and control server itself can provide a hint: this page advertises a spam distribution service in social networks and apps. Messenger, which means thieves can find ways to get to your account. Get started with massive spam and phishing campaigns.
Kaspersky's malware analyst Igor Golovin said the thief was discovered with a combination of two attacks, a way to control the victim's account without raising suspicions. I've called about 1,000 people, and this number is increasing, especially because websites are struggling to find relatively new threats, but the network is still finding them, adding, "although we don't give cookies in general, be careful, but we do it a way To deal with our personal information, and we should always pay attention to Inter when we collect information about ourselves. "
Kaspersky experts recommend that users take the following measures to avoid becoming a victim of thieves cookies:
- Block access to third-party cookies in a mobile web browser and only allow data to be stored until you leave the browser.
- Make sure to delete cookies regularly.
- Using a trusted security solution (such as Kaspersky Total Security) with a browser-specific functionality can prevent websites from collecting information about user activity on the Internet.
Related Topics :
- Kaspersky: DDoS attacks multiply in the last quarter of 2019
- Kaspersky detects malware spread by fake security certificates
- Kaspersky unveils Kaspersky Portal Management Portal
- Kaspersky offers customers enhanced protection against electronic threats
- Malware is spreading with the global Grammy Awards
- Malware covers up the most successful movies
- Lazarus intensifies AppleJeus attack on crypto companies