Technology News
  • Home
  • Apps
  • Apps News
  • Google Responds to Detection of Session Token Malware Capable of Hijacking Accounts: Report

Google Responds to Detection of Session Token Malware Capable of Hijacking Accounts: Report

The zero-day exploit allows malicious users to regenerate an authentication cookie to log in to a user's account, even after a password change.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 3 January 2024 15:17 IST
Google Responds to Detection of Session Token Malware Capable of Hijacking Accounts: Report

Photo Credit: Unsplash/ @firmbee

Users can enable Enhanced Safe Browsing on Chrome to avoid malware downloads

Highlights
  • Hackers can use stolen session tokens to gain access to a user's account
  • The exploit allows hackers to gain long-term access to Google accounts
  • Users can revoke the sessions by logging out of the affected browser
Advertisement

Malware designed to steal information from users and hijack their Google accounts is being exploited by multiple malicious groups — even after a password has been reset — according to security researchers. The exploit is reportedly aimed at Windows computers. Once the device is infected, it uses a technique used by "info stealers" to exfiltrate the login session token — assigned to a user's computer when they log in to their account — and upload it to the cybercriminal's server.

According to a report published by researchers at CloudSEK, the malware was first launched by threat group PRISMA in October 2023, and uses the search giant's OAuth endpoint called MultiLogin that is used by Google to allow users to switch between user profiles on the same browser or use multiple login sessions simultaneously. The malware uses auth-login tokens from a user's Google accounts that are logged in on the computer. The necessary details are decrypted with the help of a key that is stolen from the UserData folder in Windows, as per the report.

Using the stolen login session tokens, malicious users can even regenerate an authentication cookie to log in to a user's account after it has expired — it can even be reset once, when a user changes their password. As a result, the malware operators can retain access to a user's account. Threat intelligence group Hudson Rock has provided a demonstration of the flaw being exploited.

 

Meanwhile, BleepingComputer points out that various malware creators have already started to use the exploit to gain access to user data — on November 14, the Lumma stealer was updated to take advantage of the flaw, followed by Rhadamanthys (November 17), Stealc (December 1), Medusa (December 11), RisePro (December 12), and Whitesnake (December 26).

In a statement to 9to5Google, the search giant said that it routinely upgraded its defences against the techniques used by malware, and that compromised accounts detected by the company have been secured.

Google also points out that users can revoke or invalidate the stolen session tokens by either logging out of the browser on a device that has been infected with the malware, or by accessing their devices page in their account settings and remotely sign out of those sessions. Users can also scan their computers for malware and enable the Enhanced Safe Browsing setting in Google Chrome to avoid downloading malware to their computers, according to the company.

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Malware, PRISMA, Google account
David Delima
David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Moto G34 5G India Launch Date Set for January 9; to Be Available on Flipkart
CoinDCX Refutes Claims of Being Probed for Fraud as Disorderly Chaos Keeps India’s Crypto Sector Engulfed

Related Stories

Google Responds to Detection of Session Token Malware Capable of Hijacking Accounts: Report
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Google Pixel 8a AI Features, Software Support Details Leaked
  2. Vivo X100 Ultra, Vivo S19 Series Certified Ahead of China Debut
  3. Samsung Galaxy Z Fold 6 Ultra Might Not Be Available Everywhere: Report
  4. Oppo Find X7 Ultra Review
  5. WhatsApp Says It Will Exit India If Asked to Break Encryption: Report
  6. HMD to Bring Self-Branded Smartphone to India; More Details on April 29
#Latest Stories
  1. Apple ID Account Bug Locks Some Users Out of Accounts, Forces Password Reset
  2. Google Pixel 8a Video Showing AI Features Leaks; Promotional Images Indicate 7-Year Software Support
  3. Vivo X100 Ultra, Vivo S19 and Vivo S19 Pro Bag 3C Certification Ahead of Anticipated Launch in China
  4. Apple Renews Talks With OpenAI for iPhone Generative AI Features
  5. Samsung Galaxy Z Fold 6 Ultra to Launch Just in South Korea; Galaxy Watch Ultra in Works: Report
  6. WhatsApp Goes: Platform Reportedly Warns It Will Exit India If Asked to Break End-to-End Encryption
  7. Redmi Note 13 Pro+ 5G World Champions Edition Design Teased; to Launch in India on April 30
  8. Samsung Galaxy S24 FE Moniker and Model Numbers Reportedly Spotted Online
  9. Google Meet Introduces ‘Switch Here’ Feature That Lets Users Switch Devices Without Leaving a Call
  10. HMD's Self-Branded Smartphone to Launch in India; Details to Be Revealed on April 29
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »