Combination of Android malware may compromise user's social media accounts

WION Web Team New Delhi, India Mar 17, 2020, 06.16 PM(IST) Edited By: Bharat Sharma

Photograph (AFP): This picture, taken on November 3, 2016, shows a list of viruses on a screen at the LHS (High Security Laboratory).

Story highlights

The Data Security Council of India (DSCI) reported that India registered the second-highest number of cyberattacks in the world between 2016 and 2018.

Kaspersky recently discovered two new Android malware modifications that are capable of stealing cookies stored by the internet browser and social media applications. Consequently, the attacker can control the victim's social media accounts without the user ever finding out.

Websites use cookies primarily to deliver a personalised experience to users. This is achieved by tracking the user's activity online. However, if this information lands in the possession of a hacker, it automatically becomes a security risk.

Once the hackers have the requisite information, they can use the unique session ID stored in the cookies to bypass the need to log in to a portal.

If this ID is compromised, attackers can easily assume the identity of the user and trick websites and applications. Through this, they can take control of the accounts. This is the model that allows sensitive information to be shared by hackers. The two new Trojans responsible for this can then leak any information.

The make-up of one of the Trojans allows it to acquire "root rights", which essentially allows the cookies to be transferred from Facebook or any other social media website to the servers of the hackers.


However, it's not that simple to gain control of someone's account, for some websites have measures in place that disallow suspicious log-in attempts.

This can be bypassed through the second Trojan, which runs as an app on the victim's device and circumvents security measures to gain access to personal data without the user finding out. In essence, the attacker assumes the identity of the user and may then be able to use people's personal accounts to post whatever they please.

There's no clarity on why attackers want access to the social media accounts of random users. However, as reported by TechRadar, these accounts may be used to launch spam and phishing attacks across social media.

Igor Golovin, a malware analyst at Kaspersky, suggested that this threat is expected to grow.

“By combining two attacks, the cookie thieves discovered a way to gain control over their victims’ accounts without arousing suspicions. While this is a relatively new threat, so far, only about 1000 individuals have been targeted, that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect. Even though we typically don’t pay attention to cookies when we’re surfing the web, they’re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention”, Golovin said.


Earlier in January, Kaspersky had also reported the existence of a malware app called Shopper, which was primarily used to improve the ratings of shopping apps across platforms. The app was able to spread advertisements and install apps without requiring the consent of the user. This particular malware affected almost 15 per cent of Indian users.

Golovin highlighted the security gap embedded into the mechanism of cookies, and how it continues to leave millions of users and their data vulnerable.
