A new piece of malware developed by hackers primarily abuses an undocumented MultiLogin endpoint of Google OAuth in order to restore authentication cookies and thereby log in to Google accounts. The American giant did not take long to issue a statement in response.
After the Lumma malware, whose ins and outs we discussed last November, here is a new alarming threat to the security of Google accounts, using a hacking method that is ultimately similar. Be careful: this threat can affect anyone, and resetting your password or enabling two-factor authentication has little impact on how it works.
Malware that uses cookies to take over your account
A new detailed report, produced collaboratively by BleepingComputer and CloudSEK/Hudson Rock, reveals ongoing malware activity aimed at exploiting a Google Chrome cookie vulnerability. The idea is simple: once the malware infects your computer, it steals and decrypts your login information, which is stored in Google Chrome’s local database. Once collected, this information is used to send a request to a Google API in order to generate stable cookies that authenticate your account without your consent.
In practice, this method allows a hacker to access your account from any device or browser, whether or not you have changed your password, and whether or not you use two-factor authentication.
First discovered last November, this breach of Google authentication is meeting with some success among certain malicious groups active on the Dark Web. So far, 6 different groups are exploiting this security flaw. It is therefore worth stressing once again the need to be careful with the software you download online, to avoid ending up in such a situation. The use of a strong antivirus is also highly recommended.
Faced with the breach, Google responds
It didn’t take long for Google to respond directly to the information mentioned above. “Malware attacks that steal cookies and ID tokens are not new; we are updating our defenses against such techniques on a regular basis in order to secure the potential victims of such methods,” begins the American giant, reassuringly.
The firm then points out that, contrary to popular belief, the user can indeed play a role in combating this malware: “It is important to note a misconception mentioned in various reports that stolen tokens and cookies cannot be revoked by the user. This is incorrect, because stolen sessions can be invalidated by simply logging out of the affected browser, or revoked remotely via the user’s device management page.”