New malware uses cookies to break into Google Accounts

Main Image
  • Like
  • Comment
  • Share

A new malware threat known as has emerged, posing a severe risk to Google account security. A report by BleepingComputer says, unlike traditional phishing scams or brute-force attacks, leverages a vulnerability in cookies, making it a more insidious threat. 

This malware especially targets automatic login session cookies, collecting them from Chrome browsers and resurrecting them even after password resets and two-factor authentication. Check out the details.

Malware Exploits Cookies to Hack Google Accounts

Worryingly, even if you change your password or set two-factor authentication, the malware can still provide illegal access, working as a concealed spare key under a floorboard. At the moment, multiple malware groups are exploiting this vulnerability, with some claiming to have adapted to Google’s defenses.

CloudSek researchers successfully reverse-engineered the vulnerability, which was first exposed in October 2023 by a bad actor known as PRISMA. While cookie regeneration only works once after a password reset, regeneration is unlimited, allowing attackers to persist.

Google appears to be actively tackling the issue, as indicated by a malware developer’s attempt to circumvent its safeguards. However, the tech titan has not revealed any details about its efforts to offset any damage. It is critical to avoid installing software from unknown sources to protect against such assaults. If inappropriate behavior is identified on Google Chrome accounts, users should take prompt action.

Here are several important safety precautions:

  1. Update Chrome: To patch the vulnerability, make sure you’re running the most recent version.
  2. Stay Cautious: Caution should be exercised while clicking on suspicious links or downloading unknown applications.
  3. Manual Sign Out: Sign out of your Google account whenever possible, especially on shared computers.
  4. Turn on Strong 2FA: While not perfect, two-factor authentication offers an additional layer of security.
  5. Keep an eye out for security alerts: Keep an eye out for any unusual activity in Google security alerts.

While a permanent solution is being developed, this cookie-based virus serves as a reminder of the ever-changing nature of cyber threats. Users can drastically lower their chances of falling prey to this devious attack by following these recommendations and remaining informed. Remember that online security is a shared responsibility, so be cautious.

You can follow Smartprix on Twitter, Facebook, Instagram, and Google News. Visit smartprix.com for the most recent news, reviews, and tech guides.

Related Articles

ImageExclusive: Nothing Phone (2a) Design, Specs & India Price Revealed Before Launch!

Nothing Phone (2a) will launch in India on March 5, 2024. Since the phone marks the brand’s entry into a new segment, we’ve followed all the threads and rumors about it. Today, we’ve collaborated with known tipster @OnLeaks to present before our readers their first look at high-quality 5K renders of the Nothing Phone (2a), …

ImageLeaked Android certificates left millions of smartphones vulnerable to malware

Looks like millions of Android smartphones were literally inches away from mass malware attacks. Devices from LG, Samsung and MediaTek chipsets were subjected to a major Android vulnerability. Once exploited, it would have given cyberattackers complete authority over your device. In fact, the privileges that this vulnerability introduces to the injected malware may be more …

ImageWhy is Google warning its Users Against Downloading the Bard App? Read Story to Find Out

Leading American Tech giant Google is not a stranger to malware with millions of users affected by the issue on Android. However, in the last few months, Google has been facing a new-age malware challenge that involves Google’s own AI chatbot Bard. Apparently, Google Bard is being misused by scammers to infect malware into users’ …

ImageHow to Use Google’s Gemini Application on Android Devices

Google Gemini Application, an artificial intelligence-powered chatbot that was earlier only available in the United States was made available by Google in more than 150 countries and regions including India. The Gemini app for Android users was launched earlier this month on February 8, but then it came to the US only. Loaded with new …

ImageGoogle will start deleting millions of inactive Gmail accounts next month

Beware if you haven’t been using any of your Gmail accounts for a while so it will be deleted permanently in a few weeks. Previously, Google announced it would be purging all unused accounts and the content associated with them if the users haven’t logged in or used relevant services for the last two years …

Discuss

1 Comment
Be the first to leave a comment.