Google Accounts Hacked Without Need for Passwords – Tech.co

Posted: January 10, 2024 at 6:52 am

The important feature of the zero-day solution is session persistence, which means a hacker's session using a target Google account remains valid even after a password change.

This means the true owner of the Google account won't be able to kick them out with a password reset. But further, it also allows any threat actor exploiting it to generate valid cookies in the event of a session disruption, which CloudSEK says enhances the attacker's ability to maintain unauthorized access.

As of January 2024, Google is yet to roll out a comprehensive solution to the flaw, CloudSEK says.

Unfortunately, hackers have already incorporated the exploit into their info-stealing malware to break into the Google accounts of unsuspecting victims.

After the exploit was made public, in mid-November of 2023, a threat actor later reverse-engineered this script and incorporated it into Lumma Infostealer, protecting the methodology with advanced blackboxing techniques, CloudSEK notes.

After that, the team behind the Lumma info stealer updated the exploit to make it even harder for Google's detection systems to spot.

CloudSEK says the exploit has now spread rapidly among various other threat groups, making the risk to account holders even higher: Rhadamanthys, Risepro, Meduza, and Stealc Stealer have reportedly all incorporated the technique already.

A simple password reset alone can't beat this attack technique. CloudSEK recommends that users who believe their account may have been hacked first log out of all devices and browsers.

Only after following this step can a password reset involving a sufficiently complex and unique password be used to invalidate the threat actor's old tokens.
