Security researchers have recently uncovered a concerning hack that allows cybercriminals to access individuals’ Google accounts without the need for their passwords. According to findings from security firm CloudSEK, a sophisticated form of malware exploits third-party cookies, granting unauthorized access to private data. This exploit is reportedly being actively tested by hacking groups.
The discovery of this exploit dates back to October 2023 when a hacker disclosed it on a Telegram channel. The hacker explained how accounts could be compromised through a vulnerability related to cookies, commonly used by websites and browsers to track users, enhancing efficiency and usability.
Google’s authentication cookies, designed to enable users to access their accounts without repeatedly entering login details, became the focus of the hackers. They managed to retrieve these cookies, allowing them to bypass two-factor authentication. Notably, Google Chrome, the world’s most popular web browser with a market share exceeding 60% last year, is in the process of tightening its stance on third-party cookies.
In response to the discovery, Google issued a statement emphasizing routine upgrades to their defenses against such techniques. The company assured that actions had been taken to secure any compromised accounts detected. Additionally, Google advised users to regularly remove malware from their computers and recommended activating Enhanced Safe Browsing in Chrome for protection against phishing and malware downloads.
The researchers who initially uncovered this threat underscored its complexity and stealth in modern cyber attacks. Pavan Karthick M, a threat intelligence researcher at CloudSEK, highlighted the exploit’s capability to maintain continuous access to Google services even after a user’s password is reset. He stressed the importance of continuous monitoring of technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.
CloudSEK’s report, titled ‘Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking,’ provides detailed insights into the security issue. The report delves into how the exploit manipulates OAuth2 functionality for session hijacking, emphasizing the need for a comprehensive approach to cybersecurity.
As cyber threats evolve in sophistication, this incident serves as a stark reminder of the ongoing challenges in maintaining digital security. The use of third-party cookies, initially intended to enhance user experience, has become a potential avenue for malicious actors. Google’s ongoing efforts to enhance browser security indicate the importance of staying vigilant against emerging threats.
In conclusion, the discovery of this Google account exploit highlights the ever-present need for robust cybersecurity measures. Users are encouraged to stay informed about potential threats, adopt secure browsing practices, and follow recommendations from tech companies to mitigate risks associated with evolving cyber threats.
