2

Just as the title suggests. I have a PasswordStealer on my PC and I'm afraid that it can do that. AFAIK, that malware can record keystrokes and steal saved passwords which I don't mind because I don't store passwords anywhere and I don't type either. But I left all my social media and mail account logged in by cookies.

To make sure, I have tried copying Chrome's Cookies. File to another device and it didn't work. But I just realized that you can view and edit cookies on your active sessions to get datr, xs, and other important cookies. Now, can the malware also do that or it will just be encrypted?

Soufiane Tahiri
  • 2,667
  • 12
  • 27
Zahran Aghna
  • 21
  • 1
  • 3
    Yes malware does and can steal your cookies.They can even hook your browser and steal or change whatever you surf.Full wipe down straight away, and invalidate your cookies too. – yeah_well Jan 21 '21 at 09:47
  • If they did steal cookies, that would mean im too late isn't it? The malware infected me on Dec 9 (It was from a looks like a legit software which i downloaded on that exact date), i changed my password, added 2FA and log out of all session on Dec 10. Even if i did all of that, they would still get the cookies/sessions right? Because i scanned and removed the Password Stealer on 2 January 2021, turns out it has been there since 9 Desember 2020. – Zahran Aghna Jan 21 '21 at 10:08
  • 2
    Yeah but you can go to those sites and logout/invalidate those sessions.Then the cookies would be worthless – yeah_well Jan 21 '21 at 10:17

1 Answers1

0

For chrome, cookies are stored in an SQLite database file and are protected the same way stored passwords are (on Windows, essentially they can only be decrypted on the same device, see my other answer for more details on how this works). This means that any malware that can steal stored chrome passwords can also decrypt and steal the cookies if it wants to.

nobody
  • 11,251
  • 1
  • 41
  • 60
  • Now i'm really scared. Does cookies-stealing malware that common? And does Password.Stealer usually steals cookies? I don't mind if the malware steals stored password as long as they cant decrypt my cookies and have access to my session. – Zahran Aghna Jan 21 '21 at 07:13
  • @ZahranAghna Not sure how common they are. It's entirely possible that the malware in your case was programmed to only steal passwords. However, you should consider all your accounts compromised, change their passwords and log out of all locations (if such a feature exists with the websites you are concerned about) – nobody Jan 21 '21 at 07:26
  • If they did steal cookies, that would mean im too late isn't it? The malware infected me on Dec 9 (It was from a looks like a legit software which i downloaded on that exact date), i changed my password, added 2FA and log out of all session on Dec 10. Even if i did all of that, they would still get the cookies/sessions right? Because i scanned and removed the Password Stealer on 2 January 2021, turns out it has been there since 9 Desember 2020. – Zahran Aghna Jan 21 '21 at 10:08
  • @ZahranAghna Yes they would have gained temporary access to your account. However, once you change your password and log out from all sessions, those cookies will no longer grant access to your account. So (assuming you've removed he malware) the attacker was only able to access you accounts between 9th and 10th December. – nobody Jan 21 '21 at 10:25
  • I actually detected and removed the malware on 2 January, and that time i also discovered that it has been on my PC since 9th December. I heard that the logs from malwares are usually collected and being sent to the owner's email/folder. I'm just hoping they dont check it...i'm so miserable rn lol. But most of all, i really hope that it only steals passwords/record keylogs. – Zahran Aghna Jan 21 '21 at 10:55
  • I find it interesting that you're not concerned about anything besides social media... (No concern of banking....shopping...work stuff...email...?) My detective skills tell me you're a teen. But regardless: Don't worry, it's not all bad... As long as a **lesson** was learned, then at least *something* good came out of it. (...um, a lesson *was* learned, right?) – ashleedawg Feb 15 '22 at 13:47