I'm trying to understand the ins and outs of session hijacking. Once infostealers infect a computer, how quickly can they grab cookies and session IDs? After they have your cookies, do hackers change passwords right away, or do they hang around for a bit to browse chats first? Also, what happens if reauthorization is required to change an email? How does this behavior differ if it's not required? I've noticed that sometimes accounts get hacked just a day after malware shows up—should I assume my cookies were slow to get to the hackers, or were they watching my profile the whole time? Lastly, when cookies are stolen, do multiple buyers look at the profile before buying, or does the fastest buyer simply change the credentials?
1 Answer
If someone has malicious control over your device, the stealing can happen almost instantly. The timing really varies depending on the malware involved. As for passwords, just having cookies isn't enough to change them directly—you'd need more access than that. Always keep your accounts safe with two-factor authentication!
Exactly! If you have someone's cookies, like on Instagram, you could log into their account and change the email. You'd just get a verification code sent to the new email, and then you can reset the password right from there.