Google Accounts at Risk of New Hack: Changing Passwords Ineffective
The world was in chaos when news broke that a new malware was affecting Google Chrome, enabling access to login tokens and accounts. The malware had been spreading rapidly, and people were struggling to keep their devices secure.
An alleged new technique allows malicious actors to exploit the functionality of the authorization protocol OAuth2 in order to compromise Google accounts and sustain active sessions through the regeneration of cookies, even after an IP or password reset.
According to Cybernews and Google Chrome Help, the malware was causing unwanted pop-ups, redirects, and suspicious behavior. It was stealing personal information and harming devices, leaving people feeling vulnerable and exposed.
Attackers can get to login tokens stored in Chrome’s local database and decrypt them by installing malware on desktops in this security hole. The stolen tokens are then used to send requests to a Google API, which Chrome usually uses to keep your account information in sync across all of Google’s services. This process generates persistent Google cookies, allowing unauthorized access to user accounts.
The unique thing about this new vulnerability is that it can also get around two-factor authentication. Despite changing the password, it keeps getting in. This raises questions about the effectiveness of the additional security layer.
The attack uses a key infusion from restore files to reauthorize cookies even after a password change. The frightening aspect is that this “restoration” process can be repeated without the victim’s knowledge.
Researchers have identified rapid exploit integration among various Infostealer groups as a cause for concern. The authors contend that the utilization of an unapproved Google OAuth2 MultiLogin endpoint serves as an illustrative instance of sophistication. This is due to the fact that the strategy relies on a sophisticated manipulation of the GAIA ID (Google Accounts and ID Administration) token. Through an additional layer of encryption, malware conceals the exploit mechanism.
As more people in the cybersecurity community learn about these kinds of attacks, researchers, service providers, and affected users must work together to come up with effective solutions. The discovery shows how important it is to act quickly and come up with ways to fix vulnerabilities and keep users safe from new cyber threats.