The New Cookie-Stealing Trojan Can Hijack Android Users’ Facebook Accounts and More

Most social media accounts are full of personal information, which is why many of us try to keep them as safe as possible. Unfortunately, cybercriminals are making this task more and more complicated as they come up with new vicious threats. This time, hackers created a malicious application that can not only gain unauthorized access to Facebook or other accounts without knowing their login credentials but also bypass various security measures that the account’s user might have enabled. Even so, it does not mean that it is impossible to keep cybercriminals away from your social media profiles. It only means that you will have to take more safety precautions. Thus, instead of panicking we recommend reading our full article to learn all about the Android cookie-stealing malware and how to keep its creators away from your Facebook or other accounts.

The malicious application was recently discovered by Kaspersky cybersecurity specialists who describe it as a cookie-stealing Trojan for Android. They call it the Cookiethief malware. Also, researchers claim that even though the malware was noticed to be hijacking Facebook accounts, it could steal cookie files from other websites and applications. Thus, it poses threat not just to Facebook accounts’ owners but also to all Android users.

According to Kaspersky specialists, the cookie-stealing malware might infiltrate targeted Android devices with other Trojans, such as Sivu, Triada, and Ztorg. Usually, such threats get in by exploiting weaknesses in a targeted device’s operating system. Thus, the reason why cybersecurity specialists always recommend keeping systems up do date is to eliminate vulnerabilities. Also, researchers say that hackers might even go as far as plant such Trojans in Android devices’ firmware before they are purchased. In which case, a user could buy a device that is already infected.

Consequently, we advise being cautious when you buy a new Android device. You should monitor if it is not behaving in a way that could suggest there is malware on it. Naturally, if it turns out that your device is infected, you should take care of malicious applications installed on it as fast as possible. Specialists warn users that Trojans can download more malware. For example, the Cookiethief malware drops a backdoor application that allows cybercriminals to connect to an infected Android device.

Once the cookie-stealing Trojan drops a backdoor application, the malware’s creators should use it to access a targeted device and execute the so-called superuser commands. Specialists say that the threat would be unable to steal any cookies without the user rights that the mentioned commands provide. At this point, we should explain what cookies are and how stealing them from your device’s browser or Facebook app could let hackers behind the Cookiethief malware take over your Facebook or other accounts.

A cookie is a text file that records specific activity and then stores it so that such information could be used the next time you visit the same website or launch the same application. You may know that cookies can be used to personalize your experience, for example, to memorize your preferences, show you relevant advertisements, or keep goods in your shopping cart even after you leave the shop. What you might not know is that cookies are also used to remember you, or to be more precise, keep you logged in all the time. In other words, cookies are what allows you to quickly access your Facebook account without having to log into it every time that you to check it. Thus, the Cookiethief malware’s developers programmed the threat to steal such cookies so that they could log into their victims’ accounts without entering any passwords.

The worst part is that even Facebook safety measures cannot stop the Cookiethief malware’s developers from accessing your account. Specialists say that hackers can create a proxy server on victim’s devices, which would make it seem as if cybercriminals are attempting to log into targeted accounts from their owner’s devices and locations. Therefore, Facebook would think that the login attempt is legitimate and would not notify the account’s owner. Researchers still do not know for sure what hackers plan on doing with the Cookiethief malware, but, for now, it looks like they are using it to hijack Facebook accounts, which they use for phishing attacks and to spread malicious applications.

This cookie-stealing Trojan might seem unbeatable, but there are a few ways to guard your Facebook or other accounts against it. Cybersecurity specialists advise blocking third-party cookies as well as clearing cookies on your Android device regularly. Obviously, if there are no cookies storing Facebook or any other login data, the threat will have nothing to steal. Also, you could use the private or incognito browser’s mode when you need to log into any accounts. The mentioned modes can ensure that all your cookies get deleted after you end your private browsing session.

To conclude, the new Android cookie-stealing Trojan seems like a threat that can cause lots of trouble. Even though it does not seem to be widespread yet, specialists who discovered it say that the numbers of infected devices seem to be growing steadily. Consequently, we recommend taking extra precautions until cybersecurity specialists find a way to neutralize this threat for good.


  1. Anton Kivva, Igor Golovin. March 12, 2020. Cookiethief: a cookie-stealing Trojan for Android. Kaspersky.