Given how cookies on a device allow users to stay logged in to a service without having to repeatedly sign in, Cookiethief aims to exploit this very behavior to let attackers gain unauthorized access to the victim accounts without knowing their actual online accounts passwords.
“This way, a cybercriminal armed with a cookie can pass himself off as the unsuspecting victim and use the latter’s account for personal gain,” the researchers said.
Kaspersky theorizes that there could be a number of ways the Trojan could land up on the device — including planting such malware in the device firmware before purchase, or by exploiting vulnerabilities in the operating system to download malicious applications.
Once the device is infected, the malware connects to a backdoor, dubbed ‘Bood,’ installed on the same smartphone to execute “superuser” commands that facilitate cookie theft.
How Do Attackers Bypass Multi-Level Protection Offered by Facebook?
Cookiethief malware doesn’t have it all easy, though. Facebook has security measures in place to block any suspicious login attempts, such as from IP addresses, devices, and browsers that had never been used for logging into the platform before.