- NordVPN has released a hijacked session alert feature to prevent fraud attacks
- The new feature alerts users when their credentials are on sale on the dark web
- It broadens Threat Protection Pro’s already comprehensive protection package
NordVPN has introduced a new feature to protect users from the sale of their cookies on the dark web.
NordVPN’s hijacked session alert feature is the latest addition to its Threat Protection Pro, a suite of tools that improves online security by blocking malicious websites, trackers and ads, and scanning downloads for malware.
The move sees NordVPN, rated the best VPN by TechRadar reviewers, addressing the burgeoning arena of ‘session hijacking.’
Session hacking is the new black when it comes to stealing your details. Rather than attack ever-increasingly robust authentication processes, hackers take a different approach – waiting for a user to complete authentication themselves before stealing their cookies. They don’t hack how you get connected, but instead how you stay connected.
Yet again, the cybersecurity firm seeks to bolster its protection services against the cutting-edge of hacking innovations.
Inside NordVPN’s hijacked session alert feature
Session hijacking is one of the most dangerous threats users face today, massively exposing users to serious issues such as financial fraud and identity theft.
The new NordVPN feature claims to stop session hijacking in its tracks by monitoring marketplaces on the dark web and alerting the user in real time if their cookies are found for sale.
How? As users browse, the tool first checks whether the web browser uses an authentication cookie. If so, it then hashes the entire cookie, converting it into a cryptographic fingerprint without exposing its contents.
It then compares part of the hash against a massive database of approximately 130 billion compromised cookies via NordStellar, NordVPN’s cyber threat intelligence tool, which continuously scans the internet to monitor evolving fraud threats.
When a threat is detected, NordVPN alerts the user directly in the affected browser tab and provides detailed instructions. “We immediately advise users to change the passwords of compromised accounts and log out of all devices they have logged into,” explains Domininkas Virbickas, product director at NordVPN.
Virbickas stresses that privacy protection is built into the feature’s core design. “The system uses a hash-based approach where only part of the cookie hash is sent to our backend for scanning – the full session cookie information never leaves the user’s device.”
Currently, the hijacked session alert checks the most popular websites, including the .com domains of Reddit, Facebook, X, Instagram, GitHub, Amazon, Pinterest, Canva, Lenovo, Spotify, Netflix, Samsung, Asus, HP, Ikea, YouTube, Bing, Yahoo, and LinkedIn. Twitch (.tv domain) is also on this list, Virbickas confirms.
A new answer to a new threat
The feature comes as client-side attacks by cybercriminals continue to rise. This is a type of security breach that occurs on the user’s device, such as the browser or mobile app, rather than on the server.
Using information-stealing tools and SQL injection attacks, hackers steal valuable cookies containing session information, which grants access to user accounts even if they have employed 2FA verification.
This is particularly concerning as cookies often remain valid for 30 days, giving hackers plenty of time to act, using stolen credentials to transfer money or make unauthorised purchases through stolen sensitive data such as credit card numbers and personal information.
Given how quickly criminals act, Virbickas recommends that users who receive alerts take immediate action on the issue without wasting any time. “Speed remains essential because malicious actors work quickly to exploit stolen credentials before victims can respond.”
The new feature is part of a broadening of Threat Protection Pro’s capabilities, with NordVPN recently rolling out a crypto wallet checker scan and enhanced malware protection.
But there’s more in the pipeline, too: Virbickas reveals that NordVPN will soon launch a feature that checks URLs in emails and alerts users to unsafe links. “It will initially work with Gmail, but we plan to extend it to other email platforms too.”
