The IT Law Wiki

Session hijacking


Definition

Session hijacking is

an attack in which a legitimate user session is commandeered. In a session hijacking attack, a user's activities are monitored, typically by a malicious browser component. When the user logs into his or her account, or initiates a transaction, the malicious software "hijacks" the session to perform malicious actions, such as transferring money, once the user has legitimately established his or her credentials.[1]

Overview

"Session hijacking can be performed on a user's local computer by malware, or can also be performed remotely as part of a man-in-the-middle attack. When performed locally by malware, session hijacking can look to the targeted site exactly like a legitimate user interaction, being initiated from the user's home computer."[2]

References

  1. The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, at 10.
  2. Id.
