Recently, it has been revealed that social media accounts can be hacked without the need for passwords or verification codes. This is due to a technique known as "cookie hijacking" or session hijacking, where attackers gain access to accounts by importing cookies into their browser.
In most cases, cookie theft is carried out through specialized malware known as "infostealers," which extract cookies, saved passwords, and active sessions to send that information to the attacker's server. Some of the most commonly used infostealers are RedLine Stealer, Raccoon Stealer, Vidar, Aurora, and Lumma, which are sold on the black market for monthly subscriptions ranging from 100 to 300 dollars.
Although there is no official confirmation, it is suggested that the president of the INE, Lorenzo Córdova, was recently a victim of a session hijacking. Apparently, his account was used to post unauthorized content related to crypto scams. This highlights the vulnerability of social media to such attacks, especially those that do not detect unusual behaviors.
To protect against cookie hijacking, it is recommended not to open unexpected files, use a specific browser for social media, enable login alerts, and regularly review active sessions, among other security measures. It is important to note that session hijacking via cookies is a practice that is becoming increasingly common due to the accessibility of the tools to carry it out.
In summary, account hacking through cookie session hijacking is a reality that affects a large number of users today. It is essential to stay informed about these practices and take preventive measures to protect online security.
