Hackers Circulate Over 93 Billion Stolen User Cookies on the Dark Web

Cybercriminals have stolen and are actively selling over 93.7 billion web cookies on dark web marketplaces, according to new research from NordStellar, a threat exposure management platform.

The comprehensive study reveals alarming details about how these digital breadcrumbs are harvested, what sensitive information they contain, and the significant risks they pose to internet users worldwide.

The research uncovered that nearly all stolen cookies were harvested through sophisticated malware campaigns, primarily using infostealers, trojans, and keyloggers.

RedLine Stealer emerged as the dominant threat, responsible for collecting almost 42 billion cookies, though only 6.2% remained active at the time of analysis.

Other major players include Vidar, which collected 10.5 billion cookies with 7.2% still valid, and LummaC2, responsible for over 8.8 billion stolen cookies.

Particularly concerning is CryptBot, an infostealer targeting Windows systems that, while accounting for only 1.4 billion cookies, maintained an 83.4% active rate, making it the most effective malware in the dataset.

These malicious tools often hide in pirated software or seemingly harmless downloads, scanning browser cookie storage and transmitting data to command-and-control servers within minutes of infection.

The stolen cookies contain far more than simple browsing preferences. Researchers found that many cookies were tagged with keywords indicating their value to cybercriminals: “ID” appeared in 18 billion cookies, “session” in 1.2 billion, “auth” in 272.9 million, and “login” in 61.2 million.

Of the total 93.7 billion cookies analyzed, 15.6 billion were still active, meaning they could be used to hijack live user sessions without requiring passwords.

The data extends beyond account access, with cookies containing personal information including names, email addresses, locations, birthdates, and even physical addresses.

Google services dominated the dataset with over 4.5 billion stolen cookies linked to Gmail and Google Drive, while YouTube and Microsoft each accounted for more than 1 billion cookies.

Geographically, the theft spans at least 253 countries and territories, with Brazil, India, Indonesia, and the United States among the most impacted regions.

Security experts recommend several protective measures to safeguard against cookie theft.

Users should carefully evaluate cookie consent banners rather than automatically accepting all cookies, particularly rejecting unnecessary third-party tracking cookies.

Regular cookie clearing, especially after using public or shared computers, reduces the window of vulnerability.

Additional security measures include deploying anti-malware tools to block malicious websites and scan downloads, avoiding public Wi-Fi networks, and using VPN services to encrypt internet traffic.

The research emphasizes that stolen cookies can enable account takeovers, bypass two-factor authentication on trusted devices, facilitate targeted phishing attacks, and even support ransomware deployment through lateral network movement.

The findings highlight the critical importance of cookie security awareness as cybercriminals continue exploiting these seemingly innocuous data fragments for significant financial gain and identity theft operations.


Mayura
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.
