Cookie stealing: the new perimeter bypass

Discussion in 'other security issues & news' started by Rasheed187, Aug 28, 2022.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I thought this was quite interesting to read, and it seems that security tools should be way more focused on this threat since with this stuff you can actually bypass MFA methods, quite shocking when you think about it.

    https://news.sophos.com/en-us/2022/08/18/cookie-stealing-the-new-perimeter-bypass/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    BTW, in 2022 two major companies have been hacked via cookie stealing malware, namely LastPass and CircleCI. The latter was also posted in another thread, but I think it's worth mentioning in this topic since it's quite a serious problem. So far, only HitmanPro.Alert and Sophos Intercept X are focused on blocking cookie stealers via behavior blocking, AFAIK.

    https://www.bleepingcomputer.com/ne...alware-stealing-engineers-2fa-backed-session/
     
    Last edited: Jan 19, 2023
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    We had a programmer here that showed a coworker that he could steal his cookie and log on to his Yahoo account. Most people don't even know that's a thing.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, it's weird that this subject hasn't been discussed that much. So we need two things, security tools should be able to protect cookies from getting hijacked. I assume this is done by protecting the browser folder and memory.

    And I suppose that server authentication should also become smarter. Surely they should be able to figure out when someone is logged in from another location and another machine? Because the problem is that cookie stealing also bypasses 2FA, probably even when you're logged in via a hardware based security key like Google Titan and YubiKey.
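
The server-side check asked about in the post above, as an added example that is not part of the original thread: it flags a session cookie that appears in a second client context. The log format, the /24 network grouping (IPv4 only), the 15-minute window and the sample requests are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ts: int            # seconds since login (constructed)
    session_id: str
    ip: str
    user_agent: str

def context(req, prefix=24):
    """Coarse client context: network prefix plus user agent (assumed heuristic)."""
    net = ipaddress.ip_network(f"{req.ip}/{prefix}", strict=False)
    return (str(net), req.user_agent)

def detect_replay(requests, window=900):
    """Map session_id -> finding for cookies seen in more than one context.

    context_changed: the session moved to a new network/UA (may be roaming;
                     a server could demand re-authentication here).
    concurrent_use:  an earlier context came back within `window` seconds of
                     another context using the cookie (strong replay signal).
    """
    last_seen, findings = {}, {}
    for req in sorted(requests, key=lambda r: r.ts):
        ctx = context(req)
        seen = last_seen.setdefault(req.session_id, {})
        others = [t for c, t in seen.items() if c != ctx]
        if others:
            interleaved = ctx in seen and any(
                t > seen[ctx] and req.ts - t <= window for t in others)
            if interleaved:
                findings[req.session_id] = "concurrent_use"
            else:
                findings.setdefault(req.session_id, "context_changed")
        seen[ctx] = req.ts
    return findings

# Constructed sample traffic (documentation IP ranges, made-up session ids).
SAMPLE = [
    Request(0,    "s1", "198.51.100.10", "Firefox"),  # owner logs in with 2FA
    Request(120,  "s1", "203.0.113.5",   "Chrome"),   # same cookie, other machine
    Request(180,  "s1", "198.51.100.10", "Firefox"),  # owner still active
    Request(0,    "s2", "198.51.100.20", "Vivaldi"),
    Request(300,  "s2", "198.51.100.77", "Vivaldi"),  # same /24: no finding
    Request(0,    "s3", "198.51.100.30", "Firefox"),
    Request(5000, "s3", "192.0.2.9",     "Firefox"),  # moved and never returned
]

if __name__ == "__main__":
    print(detect_replay(SAMPLE))
```

The check runs after authentication, so it applies regardless of which second factor was used at login.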
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Clearing cookies when closing the browser + partitioning cookies certainly avoid or reduce these problems.
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    Logging in to see how many sessions are logged in to i.e. Google account is also a good idea. If something is suspicious, log out of every session.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, but this attack may happen in realtime, so it's not the best solution. Speaking of Gmail, I always get to see two login sessions, but they both have my own IP address, is this some type of bug in Gmail? I don't get this with Yahoo Mail.
     
  8. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,432
    Location:
    Slovakia
    I log in to Gmail using a browser on Windows/Android and no problem here, but I tend to sign out of all devices manually via Google.
     


  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    On mobile OSes it is probably less problematic, because apps are isolated from each other. Malware by default does not have an easy way to gather cookies from other apps.

    I wonder what i.e. Windows API could do about that. Does it allow storing secrets such as some info from cookies and persisting it between reboots? Or at least a key to decrypt Firefox's SQLite database.
     
    Last edited: Jan 22, 2023
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not following you, I believe TairikuOkami said he didn't have any problems. But what do you think about my situation? Why would Gmail think I have two logged in sessions on the same machine when I log in via Vivaldi? Is it perhaps some sneaky extension spying on my Gmail?
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    People lost quite a lot of money because of these cookie stealers that hackers could buy on the Genesis Market which was shut down. It does make me wonder how these people were infected in the first place, I assume most of them would use an AV like Win Defender.

    https://www.bbc.com/news/uk-65180488
     