New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

But the bad actors have worked around the problem by leveraging a second malicious app, named ‘Youzicheng,’ that creates a proxy server on the infected device to impersonate the account owner’s geographic location so that the access requests appear legitimate.

“By combining these two attacks, cybercriminals can gain complete control over the victim’s account and not raise suspicion from Facebook,” the researchers noted.

It’s not yet clear what the attackers are really after, but the researchers found a page on the C2 server advertising services for distributing spam on social networks and messengers, leading them to conclude that the criminals could leverage Cookiethief to hijack users’ social media accounts to spread malicious links or perpetrate phishing attacks.

While Kaspersky classified the attack as a new threat — with only about 1,000 individuals targeted in this manner — it warned that this number is “growing” considering the difficulty in detecting such intrusions.

To be safe from such attacks, it’s recommended that users block third-party cookies on the phone’s browser, clear the cookies on a regular basis, and visit websites using private browsing mode.
