Serious Discussion Does logging out and deleting cookies has any effect on session stealing attack?

gfgtkitkat34

gfgtkitkat34

Level 2
Thread author
Aug 14, 2024
51
So it appears cookie/session hijacking become one of the key vulnerabilities of 2FA, and it has made millions of internet users paranoid. Now let's say a computer is infected with a session stealer that is designed to steal the cookies as fast as possible and then vanish.

1. What would happen if the user has a habit of logging out from websites the moment he's done with them and clears all cookies after that? Will the author of the session stealer still be able to carry out the attack?

2. Do third-party AV solutions offer any protection against this type of attack, or are they equally ineffective just like Windows Defender?
 
  • Like
Reactions: Sorrento
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,783
1. Logging out and clearing cookies can help mitigate the risk as it invalidates the session. However, if the session stealer captures the cookie before logout, it could still be a threat.

2. Some advanced AV solutions can detect and block such attacks, but they are not 100% foolproof. User behavior and awareness are also crucial in prevention.
 
  • Like
Reactions: Studynxx, TairikuOkami, Wrecker4923 and 2 others
bazang

bazang

Level 12
Jul 3, 2024
551
gfgtkitkat34 said:
it has made millions of internet users paranoid.
Click to expand...
No. Perhaps a few thousand. The vast majority of people don't know, don't care, and even if they did know they still wouldn't care.

gfgtkitkat34 said:
1. What would happen if the user has a habit of logging out from websites the moment he's done with them and clears all cookies after that? Will the author of the session stealer still be able to carry out the attack?
Click to expand...
Certain replay attacks do not require the user to still be logged in with an active session. If the attacker has the session token, your goose is cooked even if you log out and clear the browser cookies.

gfgtkitkat34 said:
2. Do third-party AV solutions offer any protection against this type of attack, or are they equally ineffective just like Windows Defender?
Click to expand...
The proactive ways to protect against replay attacks are clearly covered and easily understood in this article (it is as good as any of the hundreds of online articles that cover replay attack mitigation):

www.privateinternetaccess.com

8 Ways to Prevent Replay Attacks

Worried about the risk of replay attacks? Learn how to protect your remote work network connections and prevent replay attacks.
www.privateinternetaccess.com www.privateinternetaccess.com
 
  • Like
  • Hundred Points
Reactions: oldschool, gfgtkitkat34 and Sorrento
Wrecker4923

Wrecker4923

Level 2
Apr 11, 2024
53
Logging out and clearing cookies can help mitigate the risk as it invalidates the session. However, if the session stealer captures the cookie before logout, it could still be a threat.
Click to expand...
It seems to me that the bot summarized this pretty well. If you logout and all the cookies/tokens are invalidated; there is nothing to steal. If they manage to steal some tokens/cookies before that, there might be problems even after you logout, varying with the implementations of your services.

The key is to not get malware on your system at the first place. You may not know what the malware is, its capabilities, or the vulnerabilities that your services may have.

Otherwise, sure, always log out for important / not-often-used accounts. Don't click "remember me"/"trust this device" at the 2FA step (that can be stolen too).
 
  • Like
  • Applause
Reactions: roger_m, zidong, gfgtkitkat34 and 1 other person
TairikuOkami

TairikuOkami

Level 38
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,732
gfgtkitkat34 said:
Will the author of the session stealer still be able to carry out the attack?
Click to expand...
1. Yes, especially when using login with Google or MS, because you are still logged into the browser or the account.
MS does not even allow to simply log out, MS only offers the nuke option: Sign out everywhere, which is unusable.
Google is more intertwined, no wonder many users got their 2FA verified accounts stolen, like Linus Tech Tips.
Passkey literally rendered cookie hijacking outdated, passkey renders 2FA and the whole security useless.
gfgtkitkat34 said:
2. Do third-party AV solutions offer any protection against this type of attack
Click to expand...
2. Not really, the attack happens outside the PC, either by clicking on a malicious link or simply visiting a legitimate webpage via malvertising.
Hackers use normal scripts, webapps and API. They are just taking the advantage of technology designed to make everything simpler, like AI.
However, sources familiar with this issue have told BleepingComputer that Google believes the API is working as intended and and that no vulnerability is being exploited by the malware.
Click to expand...
www.bleepingcomputer.com

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Hundred Points
Reactions: Azure, roger_m, oldschool and 1 other person

Similar threads

upnorth
    • +Reputation
    • Like
    • Wow
Cookies for MFA Bypass Gain Traction Among Cyberattackers
Replies
0
Views
791
News Archive
upnorth
upnorth
silversurfer
    • Like
Low-Detection Phishing Kits Increasingly Bypass MFA
Replies
0
Views
759
News Archive
silversurfer
silversurfer
upnorth
    • Like
    • +Reputation
Magnat use Malvertising to Deliver Stealer, Backdoor and Malicious Chrome Extension
Replies
0
Views
1,094
News Archive
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top