Newly found malware takes advantage of Google's use of cookies in Chrome, using the cookie data to authenticate to a victim's account and access it. Threat actors are now using it to target individuals who use Google's browser, at a time when the internet company plans to phase out cookie use for third-party clients.
Ironically, one of the most notorious hacks taking place now works through cookies, with Chrome being among the last browsers to remove their use for tracking users.
Chrome Malware Restores Cookies to Access Google Account
CloudSEK and Hudson Rock revealed new malware that is infecting Chrome users and that centers on access to Google accounts, made possible by taking advantage of the cookie trackers. The malware is called the "Lumma Infostealer", and the group behind it recently announced an update that gives it unique access to accounts through this latest discovery.
This can happen without users noticing that threat actors are accessing their accounts, because the cookies themselves authorize the access: the malware restores expired Google cookies via a newfound key that sends requests to its API.
The only caveat for threat actors is that the malware must be installed on a device, but this comes easily, as many people can be victimized through clickbait, emails, and links. Once installed, the malware will help "extract and decrypt login tokens stored within Google Chrome's local database."
This Cookie Restoration Malware is Sold to Others
While the threat actors behind the Lumma Infostealer own it, they are not necessarily the ones using the malware to attack users via the Chrome browser.
The malware is sold to multiple groups and hackers, with six organizations having access to it.
Google has yet to respond to this issue, so it is important to avoid installing unknown software from the internet.
Google Chrome's Cookie Phase Out
For a long time, Google has enforced cookies on the Chrome browser and asked users for them on different Google-related sites, which means that it stores data it can use to track the account or device holder. Through this, Google can better understand the customer, and the data is mainly used for advertising, but talk of phasing cookies out has been widespread since then.
While other browsers have already gone ahead and enforced a block on websites that ask for cookies, Chrome's promises are yet to be fulfilled, pending its commitment to totally removing cookies.
Google earlier affirmed that it is looking to remove cookies soon, but in the initial rollout, the Chrome browser will bring this to only 1 percent of its global users.
Ironically, the latest malware attacking Google account users takes advantage of Chrome's API, which then uses cookies to authorize access, all amid the plans to remove cookies starting this January 2024.