A new Trojan, dubbed "Cookiethief", attempts to gain superuser rights on target devices and, if it succeeds, transfers the web cookies to a remote command-and-control (C&C) server operated by the attackers.
A cookie is a message that a server passes to the browser when a user visits an Internet site; the information is stored in a small file. Websites often use this piece of information to differentiate one user from another and to serve personalized content for targeted advertisements.
The malware is capable of this maneuver not because of a vulnerability in the Facebook app or the browser; according to Kaspersky researchers, it could steal the cookie files of websites from any app in several other ways.
Ways Cookiethief Hijacks Accounts Without Passwords
Because web cookies allow users to stay logged in to a web service without having to sign in repeatedly, Cookiethief tries to exploit this mechanism to let attackers gain unauthorized access to the target accounts without actually having the account passwords.
There are a number of ways that a Trojan could infiltrate a device, such as planting malware in the device firmware or exploiting known vulnerabilities in the operating system to install the malicious software.
So, if a device is infected, the malware can easily connect to a backdoor installed on the same device to execute a "superuser" command that facilitates the theft of cookies.
How to Protect Your Facebook Account from Cookiethief
Facebook has a number of security measures in place to safeguard users' accounts against suspicious login attempts from devices, IPs and browsers that they have never used to log in to the platform.
However, an attacker could work around the safeguard by using a piece of malware that creates a proxy server on the infected device to impersonate the actual account owner's location, making the access look legitimate.
Still, users can protect their accounts by blocking third-party cookies in a browser such as Chrome or Firefox, clearing cookies on a regular basis, and using private browsing mode.