JsonCookies is a publicly available hacking tool that has recently been used by the Chinese hacking group Cycldek. The Cycldek APT (Advanced Persistent Threat) originates from China and relies on both custom-made malware and publicly available tools such as JsonCookies.
JsonCookies is a rather simple tool, but despite its simplicity it can play a key role in a hacking campaign. It collects cookies from Chromium-based Web browsers by reading their SQLite cookie databases. Rather than searching for specific cookies, JsonCookies takes the entire database, including:
- Cookie name.
- Cookie value.
- Domain name each cookie belongs to.
The collected information is aggregated in a file named 'FuckCookies.txt', which is then transferred to the C&C (Command & Control) server of the operators of the JsonCookies tool.
JsonCookies was not originally created with malicious intent, but cybercriminals spotted the opportunity it presented and quickly weaponized the tool.
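The two behaviours described above give a defender something concrete to look for: a process other than a browser opening a Chromium 'Cookies' SQLite database, and the creation of the staging file 'FuckCookies.txt'. The following detection sketch is an added example written for this page; it is not JsonCookies' code or any vendor's rule. The log format, the list of browser executables and the profile paths are assumptions (Chromium stores cookies in a SQLite file named `Cookies` under the profile directory, in newer builds under a `Network` subdirectory), and the log lines are constructed.

```python
"""Detection sketch for JsonCookies-style cookie theft (added example, not the tool's code).

Observable behaviours from the description:
  1. a non-browser process opens a Chromium 'Cookies' SQLite database;
  2. a file named 'FuckCookies.txt' is written (the staging file before exfiltration).
The events below are constructed, simplified EDR-style file-access records.
"""
import re
from dataclasses import dataclass

# Browser executables that legitimately touch their own cookie stores (assumption: tune per fleet).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe", "chromium.exe"}

# Chromium profile layout (Windows paths assumed): <profile>\Cookies or <profile>\Network\Cookies.
COOKIE_DB_RE = re.compile(r"\\User Data\\[^\\]+\\(?:Network\\)?Cookies$", re.IGNORECASE)

# Staging-file name reported for JsonCookies; compared case-insensitively.
STAGING_FILE = "fuckcookies.txt"

# Assumed record format: <timestamp> <EventType> image="<process path>" target="<file path>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<event>\w+)\s+image="(?P<image>[^"]*)"\s+target="(?P<target>[^"]*)"$'
)


@dataclass
class Event:
    ts: str
    event: str
    image: str
    target: str


def parse_line(line):
    """Parse one record; return None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    return Event(**m.groupdict()) if m else None


def basename(path):
    """Last path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def classify(ev):
    """Return the list of detection reasons that apply to a single event."""
    reasons = []
    proc = basename(ev.image).lower()
    if ev.event == "FileOpen" and COOKIE_DB_RE.search(ev.target) and proc not in BROWSER_PROCESSES:
        reasons.append("non-browser process opened Chromium cookie database")
    if ev.event == "FileCreate" and basename(ev.target).lower() == STAGING_FILE:
        reasons.append("cookie-dump staging file created")
    return reasons


def scan(lines):
    """Run every record through classify(); return (timestamp, reason, image, target) tuples."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for reason in classify(ev):
            alerts.append((ev.ts, reason, ev.image, ev.target))
    return alerts


# Constructed sample telemetry: one benign browser access, one suspicious access, one staging
# file, one unrelated file whose name merely contains "Cookies", and one malformed line.
SAMPLE_LINES = [
    r'2024-03-01T09:00:01Z FileOpen image="C:\Program Files\Google\Chrome\Application\chrome.exe" target="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"',
    r'2024-03-01T09:05:12Z FileOpen image="C:\Users\alice\AppData\Local\Temp\svc.exe" target="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"',
    r'2024-03-01T09:05:13Z FileCreate image="C:\Users\alice\AppData\Local\Temp\svc.exe" target="C:\Users\alice\AppData\Local\Temp\FuckCookies.txt"',
    r'2024-03-01T09:06:00Z FileOpen image="C:\Windows\explorer.exe" target="C:\Users\alice\Documents\Cookies.docx"',
    "garbage line that does not match the record format",
]

if __name__ == "__main__":
    for ts, reason, image, target in scan(SAMPLE_LINES):
        print(f"{ts} ALERT {reason}: {image} -> {target}")
```

The first rule carries the weight: the staging-file name is trivial for an operator to change, whereas any tool that reads cookies out of the SQLite store still has to open the `Cookies` file, so the process-to-file relationship is the more durable signal. Expect legitimate exceptions (backup agents, some security products) that will need adding to the allow list.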