Cookie Theft
Also known as: Browser cookie theft, Session cookie theft
Cookie theft is the stealing of browser cookies — especially authenticated session cookies — so attackers can impersonate a user without their password. Infostealers harvest cookies in bulk, making cookie theft a primary mechanism for bypassing multi-factor authentication.
What is cookie theft?
Browsers store cookies to remember logins and preferences. Among these are session cookies that keep a user authenticated to a service. Cookie theft is the extraction of these cookies — most commonly by infostealer malware reading the browser's cookie store — so they can be reused elsewhere.
Why stolen cookies are valuable
A valid session cookie is effectively a pre-authenticated key. An attacker who imports it into their browser is logged in as the victim, bypassing the password and any MFA. This is why cookies are a headline item in stealer logs and command a premium in criminal markets.
VantaPrism parses cookies captured in infostealer logs and highlights when an organisation's authenticated sessions may be exposed, enabling immediate session revocation.
Check Your Exposure arrow_forwardFrequently Asked Questions
Why do attackers steal cookies instead of passwords?
How can I reduce cookie-theft risk?
Related Terms
Session hijacking is the takeover of an authenticated session by stealing and reusing its session token or cookie. Be…
Account takeover (ATO) is when an attacker gains unauthorized control of a legitimate user account, typically using s…
Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…
A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…