Android, a new malware is able to steal Facebook access

Russian researchers have identified a new type of malware that can steal your Facebook profile information. Here's how it does it

It's called Cookiethief, it's been detected by Kespersky, it's not very complex but it's quite effective: it's the new virus able to steal our identity, stealing the credentials to access our Facebook profile. This could have serious consequences for the user.

Cookiethief is technically a trojan and its modus operandi is extremely simple: it aims to steal our cookies, i.e. the files where browsers park our browsing data in order to make us pick up where we left off the next time we return to the site. Among these cookies, of course, there is also the Facebook cookie, which, once stolen, allows the virus to take possession of our profile.

Cookiethief is active on Android systems and Kaspersky does not report any specific differences between one version and another of the operating system: Cookiethief spreads to all devices. But the most frightening theory coming from Kaspersky's virus analysis is that such malware could also be in the smartphone's firmware, even before the purchase.

How Cookiethief virus works

In theory, Cookiethief should not have an easy life, because Facebook has been implementing security measures for some time now to block suspicious access attempts, for example from unknown IP addresses, devices and browsers that have never been used before. But Cookiethief's creators got around this by exploiting a second part of the malware, called "Youzicheng," which creates a proxy server on the infected device to impersonate the geographical location of the account owner and thus fool Facebook. "By combining these two attacks, cybercriminals can gain complete control over the victim's account and not raise suspicions from Facebook," Karspersky explains.

How to defend against Cookiethief

According to Kaspersky Cookiethief is a new virus and there are already a thousand infected devices worldwide and as many stolen Facebook profiles. The infection, therefore, would be just at the beginning and the main antivirus at the moment would not be able to detect this virus. At the moment there are only precautionary measures: block third-party cookies via the browser, delete cookies often and use incognito browsing (which does not record cookies on the device).