Researchers have uncovered a flaw that lets hackers access people’s Google accounts without needing their passwords.
According to the cybersecurity company CloudSEK, a new type of malware that uses third-party cookies to gain unauthorised access to people’s private data is already being actively tested by hacking groups.
The exploit was first discovered in October 2023, when a hacker posted about it on a Telegram channel.
“In October 2023, PRISMA, a developer, uncovered a critical exploit that allows the generation of persistent Google cookies through token manipulation. This exploit enables continuous access to Google services, even after a user’s password reset,” said Pavan Karthick M, a threat intelligence researcher at CloudSEK.
The researchers identified the exploit’s root at an undocumented Google Oauth endpoint named “MultiLogin”.
The post described how accounts could be compromised due to a flaw in cookies, which websites and browsers use to track users and improve their efficiency and usability.
Google authentication cookies allow users to access their accounts without constantly entering their login information; however, hackers discovered a way to retrieve these cookies in order to circumvent two-factor authentication.
According to the Independent, the Chrome web browser is presently in the process of cracking down on third-party cookies.
We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected,” Google was quoted as saying.
“Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” it added.
Further, Karthick M mentioned that this highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.