New Malware Steals Facebook Info Through Chrome Cookies

Researchers from security firm Radware recently discovered a new malware that steals login information of Facebook users. The malware, dubbed Stresspaint, has successfully stolen login credentials of more than 45,000 Facebook users, and the group behind it seems to be searching for Facebook accounts with pages or with large networks, the security firm noted. A substantial percentage of the victims are from Vietnam, Russia, Pakistan, Indonesia, and Ukraine. In order to distribute the malware, the group sent phishing messages either through email or directly on Facebook. The messages prompt users to install a painting application called Relieve Stress Paint Tool from a page that mimics more popular websites like AOL.

Once the user starts running the infected app, the malware incorporated into it will start stealing any login information stored on their computer. The malware also steals Facebook login credentials of victims each time they re-open the painting application and when they restart their computers. It steals the information by first copying Chrome cookies and storing them in a separate location. The software then looks into the contents of cookies for the Facebook login information of the victim. Once the target data is located, it is sent to a command and control server, and its authors use an open-source content management system to view the stolen credentials and export Facebook data. At this point, it is not yet clear what the attackers plan to do with the stolen information, although the researchers think that the data could be used for malvertising and propaganda.

For years, hackers have been actively developing malware that attempts to steal login information and other data from various devices. A recently discovered malware dubbed RedDrop collects data from the victim's Android device and like the Stresspaint malware, stores it in a folder that can be accessed by the attackers. Another similar malware which was first uncovered in 2016 poses as a Chrome browser update. However, once it obtains administrative access, it steals sensitive information like call logs, text messages, and credit card information. In order for users to stay protected from such attacks, the security firm is advising them to only download files and applications from legitimate websites.

You May Like These
More Like This:
About the Author
2018/10/Mark-Stephen-Real-2018.jpg

Mark Real

Staff Writer
Mark Real has written for Androidheadlines since 2017 and is a Staff Writer for the site. Mark has a background in sciences and education. He is passionate about advancements on hardware and software technologies and its impact on people’s lives. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now