LightRocket via Getty Images
A worrying new security report claims that devious hackers have developed a new exploit to target the Facebook accounts of Android users. To be more accurate it is two separate exploits that work in tandem towards a common goal. We increasingly see multiple malware used in parallel, each with a specific objective, but this crafted approach with two exploits from the same hacking team is an interesting twist.
According to Kaspersky, the goal of the attack is to gain unauthorized access to Facebook accountsand it all starts with hackers targeting an Android phone to capture Facebook cookies from the devices browser and the app itself. This is done by acquiring root access and establishing a comms link out to a C&C server.
Facebook is one of many apps that will have dropped cookiesidentifying codeonto the device, such that the user is recognized next time they login. This is why you can stay logged in to apps, because they can trust its you. Cookies make the world wide web go round, but they can also be the nasty little tracking tokens that follow us across the internetmultiple sites, multiple platforms.
This, though, is a new cookie problem. That said, stealing a Facebook cookie doesn't let you back into Facebook from a different device without credentials. The platform detects youre coming from an unknown location and blocks you, asking you to sign-in, potentially locking the account. And thats where the second part to this malicious attack kicks in.
This attack is designed to defeat the very way that the stay logged in security works. It does so by hijacking the Android device to use as a proxy server through which the attackers can access Facebook. So, while the attackers are sitting someplace else, Facebook sees the account access as coming from the expected device. The login works. All without the user having any indication of a compromise.
By combining these two attacks, Kasperskys Anton Kivva and Igor Golovin say in a March 12 blogpost, cybercriminals can gain complete control over the victims account and not raise a suspicion from Facebook. This devious marriage of Trojan-Spy.AndroidOS.Cookiethief and Trojan-Proxy.AndroidOS.Youzicheng has only just started to hit its first thousand target accounts. But the figure is growing.
Kaspersky says in its report that this abuse technique is possible not because of a vulnerability in Facebook app or browser itselfmalware could steal cookie files of any website from other apps in the same way and achieve similar results.
This was echoed by Facebook, with a spokesperson telling me Kasperskys report identifies how an attacker using malware can compromise someones device, not a vulnerability in Facebooks code. We recommend that people use the latest version of Android or iOS to help protect against this kind of attack.
Account hijacking is an increasing problem, as attackers look to spread malware and malicious phishing links through victims to their contactsthis is basic social engineering. If I receive a Facebook message from a friend, I am far more likely to click the link or open the attachment than if its from someone unknown.
On the C&C server, Kaspersky says, we also found a page advertising services for distributing spam on social networks and messengers, so it was not difficult to guess the motive behind the cookie-theft operation.
I have reported before on more laborious hacks on messaging platforms to achieve the same goal, this is simply an automated approach. There are certain precautions users can take to defend against this attacknot staying logged in for example, deleting cookies or blocking their access. But realistically, this is a vulnerability that needs to be detected and blocked in the exploit phase. One can expect Google and Facebook to be looking into a more permanent solution now.
Read the original here:
This Is Androids Newest Threat: Your Facebook May Now Get HackedHeres How It Will Happen - Forbes
