New malware is capable of stealing your information by abusing an undocumented Google OAuth endpoint called “MultiLogin” to restore expired authentication cookies and log into Google accounts, even if the password of an account has been reset.
Hackers are behind new malware that allows them to bypass the security of your Google account using cookies. This malware can access your account even if you change your password or enable two-factor authentication.
According to a report by BleepingComputer and a detailed analysis by CloudSEK and Hudson Rock, this malware exploits a cookie-related vulnerability in Google Chrome. The malware first infects your computer and then steals and decrypts login tokens stored in Chrome’s local database. These tokens are used by Chrome to synchronize your account between different Google services.
This malware uses cookies to steal your account
The malware then uses these tokens to send a request to a Google API and generate persistent, stable Google cookies that can authenticate your account. Attackers can use these cookies to access your account from any device or browser without needing your password or verification code.
The most alarming part of this attack is that cookies can be re-authorized using a key from the recovery files that the malware creates on your desktop. This means that cookies may remain valid even after you change your password. Additionally, attackers can repeat this process several times if you are unaware of the infection.
This vulnerability is known to have been exploited by at least six malware groups, who sell it on the dark web. It was reportedly first discovered in mid-November, and some groups claim to have updated it to evade countermeasures put in place by Google.
Security experts advise you to regularly scan your desktop using reputable antivirus software and delete any suspicious files. You can also check your Google account activity and sign out of any devices or browsers you don’t recognize.
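For defenders who collect endpoint web telemetry, the token-to-cookie request described above can be hunted for. The following is an added example, not code from the cited reports: it assumes a constructed JSON-lines log with hypothetical fields (ts, host, process, url), assumes the endpoint name appears in the URL path, and flags such requests when the calling process is not a browser.

```python
import json
from urllib.parse import urlsplit

# Assumption: processes expected to call the endpoint during normal sync.
# A process name can be spoofed, so treat a hit as a triage lead, not proof.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}

# Constructed sample telemetry (hypothetical schema and paths, not real logs).
SAMPLE_LOG = r"""
{"ts":"2024-01-03T09:14:02Z","host":"WS-014","process":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","url":"https://accounts.google.com/oauth/multilogin?source=sync"}
{"ts":"2024-01-03T09:20:41Z","host":"WS-022","process":"C:\\Users\\a\\AppData\\Local\\Temp\\upd.exe","url":"https://accounts.google.com/oauth/multilogin"}
{"ts":"2024-01-03T09:25:10Z","host":"WS-022","process":"python.exe","url":"https://accounts.google.com/oauth/MultiLogin"}
{"ts":"2024-01-03T09:30:00Z","host":"WS-030","process":"svc.exe","url":"https://login.intranet.example/multilogin"}
not json
"""

def is_multilogin(url):
    """True when the URL is on a google.com host and its path names MultiLogin."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_google = host == "google.com" or host.endswith(".google.com")
    return on_google and "multilogin" in parts.path.lower()

def suspicious_events(log_text):
    """Return (host, process, ts) for MultiLogin requests made by non-browsers."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the hunt
        # Reduce a full image path to its lower-cased file name.
        proc = event.get("process", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
        if is_multilogin(event.get("url", "")) and proc not in BROWSERS:
            hits.append((event.get("host"), proc, event.get("ts")))
    return hits

def hosts_to_triage(log_text):
    """Count suspicious requests per machine so the noisiest hosts come first."""
    counts = {}
    for host, _proc, _ts in suspicious_events(log_text):
        counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    print(hosts_to_triage(SAMPLE_LOG))
```

A machine flagged this way should be scanned and cleaned before its user changes the Google password and signs out of unrecognized sessions.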