New Delhi: Researchers at cybersecurity firm Kaspersky have discovered two new Android malware modifications that, when combined, can steal cookies collected by the browser and app of popular social networking sites and then allow the thieves to discreetly gain control of the victim’s account in order to send various ill-intentioned content. Also Read - Cybercriminals Exploit Public Fear of Rising Coronavirus Cases Through Malware & Phishing

Cookies are small pieces of data collected by websites to track users’ activity online in an effort to create personalized experiences in the future. Also Read - Coronavirus-Themed Domains 50% More Likely to Infect Your System With Malware

While they are often perceived as a harmless nuisance, they can, in the wrong hands, pose a security risk. That is because, when websites store these cookies, they use a unique session ID that identifies the user in the future without requiring a password or login. Also Read - This malware affects 4,700 Windows-based computers every day

“By combining two attacks, the cookie thieves have discovered a way to gain control over their victims’ accounts without arising suspicions. While this is a relatively new threat-so far, only about 1000 individuals have been targeted-that number is growing and will most likely continue to do so, particularly since it’s so hard for websites to detect,” malware analyst Igor Golovin, Security Researcher at Kaspersky said in a statement.

“Even though we typically don’t pay attention to cookies when we are surfing the web, they are still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention,” Golovin added.

However one can prevent themselves from becoming a victim of cookie theft by blocking third-party cookie access on their phone’s web browser and only let your data be saved until you quit the browser

One can also use a reliable security solution like Kaspersky Security Cloud that includes a Private Browsing feature, which prevents websites from collecting information about user’s activity online.