Вештачка интелигенција

New Malware Discovered: Hackers Accessing Google Accounts Without User Passwords

Summary

Cybersecurity experts have recently uncovered a new form of malware that allows hackers to gain access to users’ Google accounts without the need for their passwords. This security vulnerability was first discovered in October 2023, when a hacker disclosed information […]

New Malware Discovered: Hackers Accessing Google Accounts Without User Passwords

Cybersecurity experts have recently uncovered a new form of malware that allows hackers to gain access to users’ Google accounts without the need for their passwords. This security vulnerability was first discovered in October 2023, when a hacker disclosed information about it on the Telegram platform.

The malware utilizes third-party cookies to enable unauthorized access to users’ private data. Authentication cookies for Google accounts allow users to access their accounts without entering login credentials. However, hackers have found a way to obtain these cookies and bypass two-factor authentication.

Google Chrome, the world’s most popular browser, is working on eliminating third-party cookies to address this issue. Google has taken steps to protect compromised accounts that have been identified.

To safeguard against potential phishing attacks and malware downloads, it is advised that users regularly take measures to remove malware from their computers and enable the “Enhanced Safe Browsing” feature in the Chrome browser.

This new threat once again highlights the complexity and stealthiness of modern cyber attacks. Pavan Kartik M, a threat intelligence researcher at CloudSEK, emphasizes that this malware allows continuous access to Google services, even after a password change.

The security issue is thoroughly described in a report titled “Compromising Google Accounts: Malware Exploiting Undocumented OAuth2 Functionality for Session Hijacking”, authored by a researcher from CloudSEK.

FAQ