Security researchers have recently uncovered a concerning exploit that grants cybercriminals access to Google accounts without the need for passwords. This form of malware exploits third-party cookies, posing a serious threat to users’ private data.
Analysis by CloudSEK shows that a dangerous malware strain uses third-party cookies to gain unauthorized access to individuals’ Google accounts. The hack, initially discovered and discussed on Telegram in October 2023, targets a vulnerability within cookies, which are essential for website functionality and user tracking.
Hackers have found a method to retrieve Google authentication cookies, normally used to enable easy access without repeated logins, thereby bypassing two-factor authentication measures. This loophole allows continuous access to Google services, persisting even after a password reset.
In response to this threat, Google has taken measures to secure the compromised accounts it has detected. Recommendations include consistently removing malware from devices and enabling Enhanced Safe Browsing in Chrome to defend against phishing and malware downloads.
Pavan Karthick M, a CloudSEK threat intelligence researcher, emphasizes the complexity and stealth of modern cyber attacks, underscoring the necessity for continuous monitoring of vulnerabilities and human intelligence sources to combat emerging threats.
The exploit is detailed extensively in a report titled ‘Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’, written by CloudSEK researcher Pavan Karthick M.