Hackers are selling 94 billion stolen cookies on Telegram

Stolen browser cookies let hackers bypass logins and access user accounts.
Hackers are luring users with fake AI tools that install Noodlophile malware and steal sensitive data like browser logins and crypto wallets.

Cybercriminals are trading nearly 94 billion stolen browser cookies on Telegram, with over 20% still active and capable of granting direct access to user accounts.

These cookies, essential for keeping users logged in and websites functioning smoothly, are being repurposed as tools for account hijacking, bypassing login credentials and putting personal data at risk. Security experts warn that hundreds of millions of users globally could be exposed.

The data, revealed by cybersecurity firm NordVPN, shows that the theft spans 253 countries, with Brazil, India, Indonesia, Vietnam, and the US among the most affected.

Google services were the prime target, with over 4.5 billion stolen cookies linked to Google accounts, followed by YouTube, Microsoft, and Bing. Many of these cookies contain session IDs and user identifiers, which allow hackers to impersonate users and access their online accounts without detection.

The surge in cookie theft marks a 74% increase over the previous year, driven largely by the spread of malware. Redline, Vidar, and LummaC2 are among the most prolific infostealers, collectively responsible for over 60 billion stolen cookies.

These malware strains extract saved data from browsers and often act as gateways for more advanced cyberattacks.

New strains like RisePro, Stealc, Nexus, and Rhadamanthys are also emerging, designed to steal browser credentials and banking data more efficiently.

Many of these stolen cookies are being exchanged on Telegram channels, raising alarm about the app’s misuse. In response, Telegram stated:

The sale of private data is expressly forbidden by Telegram’s terms of service and is removed whenever discovered. Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports to remove millions of pieces of harmful content each year.’

With cookie theft becoming an increasingly common tactic, experts urge users to regularly clear cookies, use secure browsers, and consider additional protective measures to guard their digital identity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!