Security experts at CloudSEK have reportedly identified a new form of malware that exploits third-party cookies, allowing unauthorized access to Google accounts without the need for passwords.
The Independent reports the alarming security breach, first announced on a Telegram channel by a hacker in October 2023, exploits vulnerabilities in third-party cookies. Specifically, it targets Google authentication cookies, which are normally used to streamline user access without repeated logins.
Hackers have devised a method to extract these cookies, allowing them to bypass password-based security and even two-factor authentication mechanisms to access user accounts.
This exploit is a major risk for all Google accounts as it allows for ongoing access to Google services, even after a user’s password has been changed. An analysis by the cybersecurity firm CloudSEK indicates that several hacking groups are actively experimenting with this technique.
"Hackers were able to access sensitive information in corporate and government email system thanks to Microsoft’s security failures." https://t.co/zaNph3cBf1
— Breitbart News (@BreitbartNews) October 23, 2023
The widespread use of Google Chrome, one of the most popular web browsers in the world which allows users to log in to a browser “profile” with their Google account, makes this exploit particularly dangerous.
In response to this threat, Google issued a statement highlighting their efforts, stating: “We routinely upgrade our defenses against such techniques and to secure users who fall victim to malware.
In this instance, Google has taken action to secure any compromised accounts detected.” They further advise users to “continually take steps to remove any malware from their computer and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.”
Ransomware attacks have become a growing issue in recent years, now a new report claims that hackers cost schools $3.56 billion in losses and downtime in just 2021. https://t.co/GDzgt3sZCP
— Breitbart News (@BreitbartNews) June 28, 2022
Pavan Karthick M, a threat intelligence researcher at CloudSEK, detailed the issue in a blog post, highlighting just how dangerous this new hacking method could be: “This exploit enables continuous access to Google services even after a user’s password is reset.
It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.”
Read more at The Independent here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.