Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim’s account in order to send various ill-intentioned content.
Cookies are small pieces of data collected by websites to track users’ activity online in an effort to create personalised experiences in the future.
While they are often perceived as a harmless nuisance, they can, in the wrong hands, pose a security risk. That is because, when websites store these cookies, they use a unique session ID that identifies the user in the future without requiring a password or login.
“By combining two attacks, the cookie thieves have discovered a way to gain control over their victims’ account without arising suspicions. While this is a relatively new threat-so far, only about 1000 individuals have been targeted-that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect,” malware analyst Igor Golovin, Security Researcher at Kaspersky said in a statement.
“Even though we typically don’t pay attention to cookies when we are surfing the web, they are still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention,” Golovin added.
However one can prevent themselves from becoming a victim of cookie theft by blocking third-party cookie access on their phone’s web browser and only let your data be saved until you quit the browser
One can also use a reliable security solution like Kaspersky Security Cloud that includes a Private Browsing feature, which prevents websites from collecting information about users activity online.