New Malware Exploits Google Accounts via Third-Party Cookie Hack, Granting Unauthorized Access

Security researchers uncover a potent Google account threat: malware exploiting third-party cookies to bypass security measures.

Security researchers have discovered a sophisticated malware exploit that poses a significant threat to the security of Google accounts, Independent.co.uk reports.

This exploit, which allows cybercriminals to gain unauthorized access without passwords, uses a third-party cookie hack, making it a particularly insidious and difficult-to-combat threat.

New Malware Exploits Google Accounts via Third-Party Cookie Hack, Granting Unauthorized Access
Security researchers uncover a potent Google account threat, a malware exploiting third-party cookies to bypass security measures, prompting urgent vigilance and action. by NICOLAS ASFOURI/AFP via Getty Images)

A Closer Look

The journey of the exploit began in October 2023, when a hacker revealed its existence on a Telegram channel.

A leading security firm, CloudSEK, conducted an in-depth analysis and discovered that the malware, which is now being actively tested by hacking groups, manipulates third-party cookies to compromise user accounts.

The ability of this exploit to bypass two-factor authentication provides cybercriminals with continuous access to Google services, even after a user resets their password.

Pavan Karthick M, a threat intelligence researcher at CloudSEK, emphasized the exploit's extent, stating, "It underscores the complexity and stealth of modern cyber attacks. This exploit enables continuous access to Google services, even after a user's password is reset."

Continuous monitoring technical vulnerabilities and human intelligence sources is recommended to stay ahead of emerging cyber threats, according to Karthick.

Passing Through Google's Fraud Detection

CloudSEK's detailed report, titled "Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking," sheds light on the exploit's discovery, evolution, and its broader implications for cybersecurity.

The report reveals that the exploit, rooted in an undocumented Google OAuth endpoint named "MultiLogin," allows for generating persistent Google cookies through token manipulation.

A timeline of events highlights the rapid evolution of the exploit within various malware groups. Lumma, Rhadamanthys, Stealc, Meduza, RisePro, WhiteSnake, and Hudson Rock all implemented the exploit, enhancing its features and countering Google's fraud detection measures.

Google's Next Steps

The Chrome web browser, boasting a market share of over 60%, is currently in the process of clamping down on third-party cookies.

However, this exploit poses a severe challenge, and Google has issued a statement acknowledging the threat. The tech giant encourages users to remove any malware from their computers and activate Enhanced Safe Browsing in Chrome to enhance protection against phishing and malware downloads.

The implications of this exploit on user privacy and the security of Google services cannot be overstated. Google's ongoing efforts to fortify its defenses and the vigilance required by users are crucial in mitigating the risks associated with this new malware threat.

In Other News

The National Labor Relations Board (NLRB) has ruled that Google's claim that it should not negotiate with a group of YouTube Music employees is illegal.

This decision prompted the tech giant to negotiate with the workers' union, which is made up of YouTube music content operation workers.

Stay posted here at Tech Times.

Tech Times Writer John Lopez
(Photo : Tech Times Writer John Lopez)
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics