Cookies Stolen! Cookie Monster Claims Innocence and Blames Malware
By: Jim Stickley and Tina Davis
July 20, 2020
Sesame Street’s cookie-loving character aside, a new info-stealing Trojan called Cookiethief was discovered by Kaspersky earlier this year. The malware steals computer cookies from Facebook users with an Android device. The goal of Cookiethief is to steal as much data as possible, and with a projected 1.69 billion Facebook users this year, that’s a lot of identities ripe for the picking. Cookiethief uses a combination of hacking tricks to work, and a successful attack means identity fraud, data theft, and account takeover exploits are likely to follow.
Computer cookies are small pieces of information stored in a web browser that make web surfing and app use easier and are generally seen as harmless. They allow information from a website to be stored and later retrieved, including passwords and login information, authenticate whether a user is logged in and under what name, and track multiple visits to the same site.
Kaspersky isn’t sure just how Cookiethief got onto the roughly 1,000 Android devices where it has already been found, but they say the number is growing. They also believe the Trojan could be spreading through spam email phishing attacks. The second phase of Cookiethief’s attack is tricking a user into handing over administrative rights to their device. Never approve requests for administrative rights. It’s a bit like handing your house keys to a carjacker. Once they get that access, the sky’s the limit.
Also, be mindful of where you download apps from. They should come from the official Google Play store only, as Google scans apps for malware before making them public. Since some malware apps do get through the security scan, always read the reviews before downloading. They can shed light on any problems the app has before you commit.
Remember, it only takes one compromised email account to steal your contacts and credentials, and then spread the malware to the contacts of your contacts, and so on. That’s why closely following anti-phishing tips is always recommended.
Don’t Get Hooked
- Never click on email attachments unless you’re positive the sender is secure. Don’t even think about downloading attachments from suspicious or unknown senders.
- Trust your instincts. If an email looks phishy in any way, delete it immediately.
- Beware of emails that tug on emotions of any kind. It’s a sure lure that hackers count on to work.
- Always check the source of the email. Generic greetings, bad grammar, and typos are huge red flags.
- Never provide your login information, password, or account numbers in an email. Legitimate senders won’t ask for sensitive information via email.