www.computerweekly.com
2606:4700::6812:1586  Public Scan

URL: https://www.computerweekly.com/news/252479964/Cookie-stealing-trojans-found-lurking-on-Android-phones
Submission Tags: falconsandbox
Submission: On April 13 via api from US — Scanned from DE

Matic Štojs Lomovšek - stock.a

Cookie-stealing trojans found lurking on Android phones

Kaspersky discovers two new Android malware modifications that could give hackers control of their victims’ social media accounts

By Alex Scroxton, Security Editor

Published: 12 Mar 2020 11:03

Researchers at Kaspersky have raised the alarm after uncovering two new Android
malware modifications that can steal browser and application cookies and enable
cyber criminals to take control of their victims’ social media accounts.



The ruse works by exploiting the unique session ID cookies that websites use to
identify users in future without requiring them to log in using their passwords.

If the website can be fooled into thinking the attacker is the victim – easily
done if they are in possession of a user’s ID – it becomes a very simple matter
to take over the target account and use it for malicious purposes.

In this case, this is exactly what has happened, using two trojans with similar
coding that are controlled by the same C&C server.

The first trojan, dubbed Cookiethief, acquires root rights on the target device,
enabling the attackers to transfer cookies to their own servers.

The second trojan, dubbed Youzicheng, runs a proxy server on the target device
to fool security measures that block suspicious login attempts – for example,
logging in from two geographically distant locations a few minutes apart – and
gain access without alerting the victim or website.

“By combining two attacks, the cookie thieves have discovered a way to gain
control over their victims’ account without arousing suspicion,” said Kaspersky
malware analyst Igor Golovin. “While this is a relatively new threat – so far
only about 1,000 individuals have been targeted – that number is growing and
will most likely continue to do so, particularly because it is so hard for
websites to detect.

“Even though we typically don’t pay attention to cookies when we’re surfing the
web, they are still another means of processing our personal information, and
anytime data about us is collected online, we need to pay attention.”

Kaspersky said that the ultimate aim of the group behind the trojans was not yet
known, but a page its researchers found on the same C&C server offers an obvious
clue – it advertises services for distributing spam on social networks, which
suggests the plan is to launch more widespread spam and phishing campaigns.

Kaspersky has linked Cookiethief and Youzicheng with a number of other
widespread trojans, including Sivu, Triada and Ztorg, because of similarities in
C&C server addresses and encryption keys. The firm said that in most cases, such
malware is either planted on the target device prior to purchase by malicious
insiders or gets into system folders through backdoor vulnerabilities in the
Android operating system.

Besides activating their devices’ on-board security features or augmenting them
with third-party security services, users are best advised to block third-party
cookie access on Android web browsers and only allow their data to be saved
until they quit the browser. Periodically clearing cookies can also mitigate the
danger to some degree.

More technical information, as well as indicators of compromise (IoCs), can be
found on Kaspersky’s Securelist blog.



All Rights Reserved, Copyright 2000 - 2022, TechTarget
