Session Cookie Theft Scams on Reddit
Reddit posts in software and gaming communities share links to infostealer malware disguised as useful tools, harvesting browser session cookies that grant access to financial and social accounts without passwords.
Part of: Session Cookie Theft Scams
Last reviewed: 1 June 2026
Reddit's subreddit structure — where communities self-organise around specific interests like gaming, software development, or cryptocurrency — creates niche audiences that fraudsters can target with highly relevant-seeming malware payloads. A legitimate-looking post in a game modding or developer tools subreddit carries more credibility than a generic spam message.
The voting and commenting system can be gamed through bot accounts to make malicious posts appear popular and well-reviewed, further reducing the suspicion that a linked download would normally receive.
How this scam works on Reddit
A new or established Reddit account posts in a relevant subreddit sharing a link to a tool — a game trainer, a data analysis script, a browser extension, or a media processing app. The download contains an infostealer that runs alongside or instead of the advertised programme, collecting browser cookies, saved credentials, and authentication tokens.
Bot accounts in the thread provide fabricated positive reviews and upvotes. Comments thanking the poster 'for this great tool' are generated automatically. A victim who downloads the file and executes it notices no immediate problem — the infostealer operates silently.
Harvested cookies for sites the victim visits regularly — trading platforms, cloud storage, email — are then used to access those accounts. Some operations sell Reddit cookies specifically, using them to take over accounts with high karma to further distribute malware through trusted-looking posts.
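The account-takeover step described above has a server-side footprint that defenders can look for: a cookie replayed from the fraudster's machine carries the same session id as the victim's browser but arrives with a different client fingerprint. The following is an added example, not code from this page or from any named service; the access-log format, the field names and the crude "same network" heuristic are assumptions chosen for illustration.

```python
"""Flag sessions whose cookie appears to be replayed from another device.

Added example for this page (not the page's or any site's own code). A session
cookie harvested by an infostealer is replayed from the attacker's machine, so
the same session id suddenly shows up with a different network and/or
User-Agent than the one that established it. Such sessions are candidates
for server-side revocation and step-up verification.
"""
import re
from collections import defaultdict

# Assumed log format: "<iso-time> sid=<session id> ip=<addr> ua="<user agent>""
LINE_RE = re.compile(r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$')

# Constructed sample log (not real traffic). Session a1f3 is established from
# one client and later reused from a different network with a different browser.
SAMPLE_LOG = """\
2026-06-01T09:00:00 sid=a1f3 ip=203.0.113.10 ua="Firefox/126 Windows"
2026-06-01T09:05:10 sid=a1f3 ip=203.0.113.10 ua="Firefox/126 Windows"
2026-06-01T09:41:02 sid=a1f3 ip=198.51.100.77 ua="Chrome/125 Linux"
2026-06-01T10:00:00 sid=b7c2 ip=192.0.2.55 ua="Safari/17 macOS"
2026-06-01T10:12:30 sid=b7c2 ip=192.0.2.60 ua="Safari/17 macOS"
2026-06-01T11:00:00 sid=c9d4 ip=198.51.100.20 ua="Chrome/125 Windows"
"""


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def network_key(ip):
    """Assumption: the first two octets stand in for 'same network'.

    A real deployment would use ASN or geolocation lookups instead of this prefix.
    """
    return ".".join(ip.split(".")[:2])


def find_hijacked_sessions(text):
    """Return {session id: [reasons]} for sessions whose client fingerprint changed."""
    events = sorted(parse_log(text), key=lambda e: e["ts"])  # ISO timestamps sort as text
    first_seen = {}            # sid -> (network key, user agent) of the establishing request
    findings = defaultdict(list)
    for e in events:
        sid = e["sid"]
        net = network_key(e["ip"])
        if sid not in first_seen:
            first_seen[sid] = (net, e["ua"])
            continue
        net0, ua0 = first_seen[sid]
        if e["ua"] != ua0:
            findings[sid].append(f"{e['ts']}: user-agent changed from {ua0!r} to {e['ua']!r}")
        if net != net0:
            findings[sid].append(f"{e['ts']}: network changed from {net0}.x.x to {net}.x.x")
    return dict(findings)


if __name__ == "__main__":
    for sid, reasons in find_hijacked_sessions(SAMPLE_LOG).items():
        print(sid)
        for r in reasons:
            print("  ", r)
```

Because a replayed cookie already carries the authenticated state, the effective response is to invalidate the session on the server and require a fresh login, not merely to block the request. A single fingerprint change can be benign (a VPN, a browser update), so a finding like this is better treated as a trigger for step-up verification than as an automatic ban; session b7c2 above, which changes IP within the same network without changing browser, is deliberately left unflagged.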
Common red flags
- Reddit post sharing a download link for a tool with an unusually high upvote ratio for a new account
- All positive comments in a thread appearing shortly after posting, with generic wording
- Download hosted on a file-sharing site rather than a credible code repository with verifiable history
- Executable file in a download described as a script, extension, or media tool
- Security software flagging the downloaded file as suspicious after extraction
- Unexpected account activity on sites visited from the device after running the downloaded programme
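The red flags above can be turned into a simple triage score that a moderator or subreddit bot could apply to tool-sharing posts. The following is an added example, not code from this page or from Reddit; the post record layout, the thresholds, the generic-phrase list and the allowlist of code-hosting sites are assumptions chosen for illustration, and the two sample posts are constructed.

```python
"""Score a tool-sharing post against the red flags listed above.

Added example (not the page's or Reddit's own code). The checks are cheap and
easy to evade, so a high score means "look closer", not "malicious".
"""
from urllib.parse import urlparse

# Assumption: hosts where a project can show a public, verifiable commit history.
CODE_HOSTS = {"github.com", "gitlab.com", "codeberg.org", "bitbucket.org"}
# Assumption: wording typical of automatically generated "thank you" comments.
GENERIC_PHRASES = ("great tool", "thanks for this", "works perfectly", "exactly what i needed")
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat", ".cmd")


def is_generic(comment_text):
    """Short comment built from a stock phrase."""
    t = comment_text.lower().strip()
    return len(t) < 60 and any(p in t for p in GENERIC_PHRASES)


def score_post(post):
    """Return (score, reasons) for a post dict laid out like SAMPLE_POSTS."""
    reasons = []

    # Red flag: unusually high upvote ratio for a new account.
    total = post["upvotes"] + post["downvotes"]
    ratio = post["upvotes"] / total if total else 0.0
    if post["account_age_days"] < 30 and post["upvotes"] >= 50 and ratio > 0.95:
        reasons.append("new account with unusually high upvote ratio")

    # Red flag: every comment is early and generic.
    comments = post["comments"]
    if comments:
        early_generic = [c for c in comments
                         if c["minutes_after_post"] <= 60 and is_generic(c["text"])]
        if len(early_generic) == len(comments):
            reasons.append("all comments are early and generic")

    # Red flag: download not hosted on a code repository with verifiable history.
    host = urlparse(post["download_url"]).hostname or ""
    if host not in CODE_HOSTS:
        reasons.append(f"download hosted on {host}, not a code repository")

    # Red flag: advertised as a script/extension/media tool but the download is an executable.
    claimed = post["claimed_type"].lower()
    fname = post["download_filename"].lower()
    if claimed in ("script", "extension", "media tool") and fname.endswith(EXECUTABLE_EXT):
        reasons.append(f"advertised as a {claimed} but download is {fname}")

    return len(reasons), reasons


# Constructed sample posts (not real Reddit data).
SAMPLE_POSTS = {
    "suspicious": {
        "account_age_days": 3,
        "upvotes": 140, "downvotes": 2,
        "download_url": "https://files.example/dl/trainer_v2.zip",
        "download_filename": "trainer_v2.exe",
        "claimed_type": "script",
        "comments": [
            {"minutes_after_post": 4, "text": "Thanks for this great tool!"},
            {"minutes_after_post": 9, "text": "Works perfectly, thanks for this"},
            {"minutes_after_post": 15, "text": "great tool"},
        ],
    },
    "plausible": {
        "account_age_days": 900,
        "upvotes": 38, "downvotes": 6,
        "download_url": "https://github.com/example-dev/log-parser",
        "download_filename": "log_parser.py",
        "claimed_type": "script",
        "comments": [
            {"minutes_after_post": 30, "text": "Thanks for this great tool!"},
            {"minutes_after_post": 600,
             "text": "Fails on gzip-compressed input, opened an issue on the repo."},
        ],
    },
}


if __name__ == "__main__":
    for name, post in SAMPLE_POSTS.items():
        score, reasons = score_post(post)
        print(f"{name}: score {score}")
        for r in reasons:
            print("  -", r)
```

The "plausible" post deliberately includes one early generic comment: a single stock thank-you is normal, and the check only fires when nothing else is said in the thread. The score is meant to prioritise human review of posts that match several flags at once, which is the pattern the page describes.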
How to protect yourself
- Download software tools shared on Reddit only if the project has a verifiable repository history with genuine community contribution
- Scan all downloaded executables with updated security software before running
- Use browser settings to limit cookie persistence on high-value financial sites
- Enable multi-factor authentication on financial, email, and social accounts so stolen cookies cannot be used alone
- Keep your operating system and browser updated to reduce exploit surface for infostealer delivery
- Enable Reddit's two-factor authentication to protect your own account from compromise
How to report it
- Report the post to the subreddit moderators and to Reddit's trust and safety team using the in-app report function
- Submit the malware sample to a reputable threat intelligence provider for analysis
- Report to your national cybercrime unit if financial loss or significant identity harm resulted
Frequently asked questions
How can I tell if a Reddit-shared tool is genuine?
Look for a publicly verifiable code repository (such as GitHub) with a meaningful commit history and genuine user contributions. Check whether the developer has an established identity on Reddit and elsewhere. Avoid downloading binaries unless you can compile from source or verify a reproducible build. When in doubt, do not install.