Security Alert: New Malware Exploit Targets Google Accounts, Bypassing Passwords

A recent discovery by cybersecurity company CloudSEK has unveiled a concerning hack that allows unauthorized access to individuals’ Google accounts without the need for passwords.
This exploit involves a new type of malware that utilizes third-party cookies to gain entry to private data, posing a serious threat to user security. The revelation dates back to October 2023, when a hacker shared details of the exploit on a Telegram channel.
PRISMA, a developer, identified a critical vulnerability enabling the generation of persistent Google cookies through token manipulation. This exploit allows continuous access to Google services, even after a user resets their password, according to Pavan Karthick M, a threat intelligence researcher at CloudSEK.
The root of the exploit was traced to an undocumented Google OAuth endpoint named “MultiLogin.” The vulnerability specifically targets Google authentication cookies, which provide users with seamless access to their accounts without the need for frequent logins.
Hackers discovered a method to retrieve these cookies, bypassing two-factor authentication measures. Google has taken action to secure compromised accounts and emphasizes that it routinely upgrades its defenses against such techniques. Users are urged to remove any malware from their computers.
Google recommends activating Enhanced Safe Browsing in Chrome for stronger protection against phishing and malware downloads. The incident underscores the importance of continuously monitoring both technical vulnerabilities and human intelligence sources to stay ahead of evolving cyber threats, as highlighted by Karthick M.
As Google continues to enhance its security measures, users are advised to remain vigilant and proactive in safeguarding their online accounts.