Cybercriminals find new way to access Google accounts without password: Report


New Delhi, Jan 7 (IANS): Researchers have uncovered a hack that lets hackers access people's Google accounts without needing their passwords.

According to the cybersecurity company CloudSEK, a new type of malware that uses third-party cookies to gain unauthorised access to people's private data is already being actively tested by hacking groups.

The exploit was first discovered in October 2023, when a hacker posted about it on a Telegram channel.

"In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services, even after a user's password reset," said Pavan Karthick M, a threat intelligence researcher at CloudSEK.

The researchers identified the exploit's root at an undocumented Google Oauth endpoint named "MultiLogin".

The post described how accounts could be compromised due to a flaw in cookies, which websites and browsers use to track users and improve their efficiency and usability.

Google authentication cookies allow users to access their accounts without constantly entering their login information; however, hackers discovered a way to retrieve these cookies in order to circumvent two-factor authentication.

According to the Independent, the Chrome web browser is presently in the process of cracking down on third-party cookies.

“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google was quoted as saying.

“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” it added.

Further, Karthick M mentioned that this highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.

  

Top Stories


Leave a Comment

Title: Cybercriminals find new way to access Google accounts without password: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.