www.computerweekly.com
2606:4700::6812:1586
Public Scan
URL:
https://www.computerweekly.com/news/252479964/Cookie-stealing-trojans-found-lurking-on-Android-phones
Submission Tags: falconsandbox
Submission: On April 13 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
GET https://www.computerweekly.com/search/query
<form action="https://www.computerweekly.com/search/query" method="get" class="header-search">
<label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
<input class="header-search-input" id="header-search-input" type="text" name="q" placeholder="Search Computer Weekly">
<button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
<ul class="ui-autocomplete ui-front ui-menu ui-widget ui-widget-content ui-corner-all" id="ui-id-1" tabindex="0" style="display: none;"></ul>
</form>
Text Content
Matic Štojs Lomovšek - stock.a

COOKIE-STEALING TROJANS FOUND LURKING ON ANDROID PHONES

KASPERSKY DISCOVERS TWO NEW ANDROID MALWARE MODIFICATIONS THAT COULD GIVE HACKERS CONTROL OF THEIR VICTIMS’ SOCIAL MEDIA ACCOUNTS

By Alex Scroxton, Security Editor
Published: 12 Mar 2020 11:03

Researchers at Kaspersky have raised the alarm after uncovering two new Android malware modifications that can steal browser and application cookies and enable cyber criminals to take control of their victims’ social media accounts.

The ruse works by exploiting the unique session ID cookies that websites use to identify users in future without requiring them to log in using their passwords. If the website can be fooled into thinking the attacker is the victim – easily done if they are in possession of a user’s ID – it becomes a very simple matter to take over the target account and use it for malicious purposes.

In this case, this is exactly what has happened, using two trojans with similar coding that are controlled by the same C&C server. The first trojan, dubbed Cookiethief, acquires root rights on the target device, enabling the attackers to transfer cookies to their own servers. The second trojan, dubbed Youzicheng, runs a proxy server on the target device to fool security measures that block suspicious login attempts – for example, logging in from two geographically distant locations a few minutes apart – and gain access without alerting the victim or website.

“By combining two attacks, the cookie thieves have discovered a way to gain control over their victims’ account without arousing suspicion,” said Kaspersky malware analyst Igor Golovin. “While this is a relatively new threat – so far only about 1,000 individuals have been targeted – that number is growing and will most likely continue to do so, particularly because it is so hard for websites to detect.

“Even though we typically don’t pay attention to cookies when we’re surfing the web, they are still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention.”

Kaspersky said that the ultimate aim of the group behind the trojans was not yet known, but a page its researchers found on the same C&C server offers an obvious clue – it advertises services for distributing spam on social networks, which suggests the plan is to launch more widespread spam and phishing campaigns.

Kaspersky has linked Cookiethief and Youzicheng with a number of other widespread trojans, including Sivu, Triada and Ztorg, because of similarities in C&C server addresses and encryption keys. The firm said that in most cases, such malware is either planted on the target device prior to purchase by malicious insiders or gets into system folders through backdoor vulnerabilities in the Android operating system.

Besides activating their devices’ on-board security features or augmenting them with third-party security services, users are best advised to block third-party cookie access on Android web browsers and only allow their data to be saved until they quit the browser. Periodically clearing cookies can also mitigate the danger to some degree.

More technical information, as well as indicators of compromise (IoCs), can be found on Kaspersky’s Securelist blog.