This Malware Is Stealing Your Cookies, With Devastating Consequences


Threat actors have a new tactic to access users’ credentials without knowing them already or launching a multi-factor authentication challenge.

One of the most common methods of taking over a user's account is web session hijacking through cookie theft. This is done with infostealers, a form of malware that worms its way into a system to harvest its data. The method is meant to reach the widest audience possible rather than a single individual, and the primary infection vectors are phishing, malvertising, and malware disguised as legitimate software.

When a user opens an infected attachment, the malware begins infecting the system. Browser cookies are ordinary application data that can be read without elevated privileges, so infostealing malware does not need to run as an admin to steal them. From there, the data is collected and sent to a server for the threat actor to review.

According to Cybernews, infostealers are a specific type of malware, typically a Trojan that disguises itself in order to gather sensitive information. The information this malware seeks ranges from passwords and login credentials to cookies.

When targeting cookies, infostealers can obtain valuable information (such as login credentials, session tokens, or browsing history), allowing threat actors to gain unauthorized access to users' accounts, track their online activity, and even impersonate them online.

These infostealer attacks are dangerous and should not be taken lightly, since they have profound implications for companies and organizations. Malicious actors often buy credentials harvested by infostealers to improve their attacks on victims and potentially gain unauthorized access to an organization's infrastructure. That access can then be leveraged for targeted follow-on attacks, including supply chain attacks, which can prove devastating and draw in other companies as collateral.

Stolen cookies pose a further danger: they can serve as an initial attack vector for ransomware groups, which often ends with an organization's data being leaked on the dark web.

According to CyberArk, the infostealers downloaded in February 2024 included RisePro, RedLine, StealC, LummaC, and Vidar.