A new strain of Android malware has been found in the wild that steals users’ authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on compromised devices. The Trojan works by acquiring superuser root rights on the target device, and transferring stolen cookies to a remote command-and-control server operated by attackers. Facebook has security measures in place to block any suspicious login attempts, such as from IP addresses, devices, and browsers that had never been used for logging into the platform before.
Source: https://thehackernews.com/2020/03/android-cookies-malware-hacking.html