Google Account Vulnerability: Malware Utilizes Cookies for Unauthorized Access

Web browser cookies serve as memory tools, remembering your actions on websites, such as what you put in your shopping cart, the info you fill in forms, and whether you’re logged in. But they also pose risks, allowing malware to access your personal data and banking info. While Google Chrome cracks down on third-party cookies, a recent discovery found malware that leaves Google accounts exposed even after password changes. At least six cybercrime groups are selling this exploit.

Cookies usually store site data and stay on your device with the web browser. However, cybercriminals can misuse cookies to grab your personal info. In a recent case reported by Bleeping Computer, hackers attempted to restore session cookies storing user login details. Session cookies are temporary and handy for logging in without typing your username and password each time.

Google relies on these cookies to keep your login details when you sign in. But a zero-day exploit now lets hackers grab these session cookies, breaking into user accounts without needing passwords or two-factor authentication. Even if the real user resets their password or signs out, hackers can still access accounts.

This problem was first disclosed in October 2023 by someone called PRISMA and later studied by CloudSEK researchers. They managed to revive expired Google authentication cookies, which should’ve been gone after the session ended. Luckily, this cookie revival only works once after a password reset, but otherwise there’s no limit to how many times it can be done.

Google is working on fixing this issue, but one malware developer has already updated their exploit to bypass Google’s fixes. However, Google hasn’t responded to questions about dealing with the situation.

Right now, these session cookies are a zero-day problem exploited by six cybercrime groups. So, it’s tough to know if you’ve been attacked. To stay safe, avoid unknown software. If you use Google Chrome and notice odd activity on your account, change your password ASAP.

Onsa Mustafa

Onsa is a Software Engineer and a tech blogger who focuses on providing the latest information regarding the innovations happening in the IT world. She likes reading, photography, travelling and exploring nature.
