In the ever-evolving world of cybercrime, hackers constantly find new ways to infiltrate our digital lives.

The latest threat?

A sophisticated hack that allows cybercriminals to access Google accounts without needing the user's password.

This alarming development was uncovered by security researchers at CloudSEK, who found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people's private data.

The exploit was first revealed in October 2023 when a hacker posted it in a channel on the messaging platform Telegram.

Hackers discovered a way to steal people’s Google account passwords. Credit: Unsplash

The post detailed how Google accounts could be compromised through a vulnerability with cookies. Websites and browsers use these small pieces of data to track users and enhance their browsing experience.

Google authentication cookies, in particular, allow users to access their accounts without constantly having to enter their login details.

However, the hacker found a way to retrieve these cookies, bypassing two-factor authentication.

Google Chrome, the world's most popular web browser, with a market share greater than 60 per cent last year, is cracking down on third-party cookies.

It came after cybersecurity firm Proofpoint reported that there had been an increase in so-called ‘ClearFake’ attacks, where users were lured into clicking fake notifications to update their browsers.

The cyberattack works by attackers compromising legitimate websites and planting fake browser update alerts on the site.

When visitors try to access content, a pop-up appears, urging them to download the latest Chrome version. If they click this pop-up, malware is automatically installed in the victim’s device, which can steal personal data.

However, this new exploit underscores the complexity and stealth of modern cyber-attacks.

In response to the threat, Google stated, 'We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.'

‘Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.’

The researchers who first uncovered the threat emphasised the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.

'This exploit enables continuous access to Google services, even after a user's password is reset,' wrote Pavan Karthick M, a threat intelligence researcher at CloudSEK, in a blog post detailing the issue.

‘It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.’

Google’s security issue was released by Pavan in his report entitled ‘Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’.

Protecting Your Google Account

To protect your Google account from this type of attack, consider the following steps:

• Regularly clear your cookies: This can prevent hackers from accessing your authentication cookies.
• Enable Enhanced Safe Browsing: This feature in Chrome can protect against phishing and malware downloads.
• Regularly change your password: Even though this exploit allows hackers to bypass passwords, regularly changing your password can still provide an extra layer of security.
• Enable two-factor authentication or 2-Step Verification: This adds an additional layer of security by requiring a second form of verification when logging in.

Key Takeaways

• Security researchers have discovered a method for hackers to access Google accounts without passwords, utilising third-party cookies.
• The exploit allows cybercriminals to bypass two-factor authentication and has already been actively tested.
• Google is aware of the malware threat and has taken action to secure any compromised accounts, urging users to enhance browser safety settings.
• The report by CloudSEK underlines the importance of continuously monitoring vulnerabilities and indicates that even resetting passwords may not thwart attackers.

For directions to turn on Enhanced Safe Browsing in Google Chrome, click here.

What are your thoughts on this new hacking method? Have you taken steps to protect your Google account? Share your experiences and tips in the comments below.

 

[Zemo]

"Bring back the slate," I say ...

 

[Glo72]

The older we get the more we have to learn to stay safe.

 

[David567]

So we can't even trust Google. They were just fined for spying on people using private browsers. Can't trust anyone these days.

 

[Tygie]

In the ever-evolving world of cybercrime, hackers constantly find new ways to infiltrate our digital lives.

The latest threat?

A sophisticated hack that allows cybercriminals to access Google accounts without needing the user's password.

This alarming development was uncovered by security researchers at CloudSEK, who found that a dangerous form of malware uses third-party cookies to gain unauthorised access to people's private data.

The exploit was first revealed in October 2023 when a hacker posted it in a channel on the messaging platform Telegram.

View attachment 38698

Hackers discovered a way to steal people’s Google account passwords. Credit: Unsplash

The post detailed how Google accounts could be compromised through a vulnerability with cookies. Websites and browsers use these small pieces of data to track users and enhance their browsing experience.

Google authentication cookies, in particular, allow users to access their accounts without constantly having to enter their login details.

However, the hacker found a way to retrieve these cookies, bypassing two-factor authentication.

Google Chrome, the world's most popular web browser, with a market share greater than 60 per cent last year, is cracking down on third-party cookies.

It came after cybersecurity firm Proofpoint reported that there had been an increase in so-called ‘ClearFake’ attacks, where users were lured into clicking fake notifications to update their browsers.

The cyberattack works by attackers compromising legitimate websites and planting fake browser update alerts on the site.

When visitors try to access content, a pop-up appears, urging them to download the latest Chrome version. If they click this pop-up, malware is automatically installed in the victim’s device, which can steal personal data.

However, this new exploit underscores the complexity and stealth of modern cyber-attacks.

In response to the threat, Google stated, 'We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.'

‘Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.’

The researchers who first uncovered the threat emphasised the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.

'This exploit enables continuous access to Google services, even after a user's password is reset,' wrote Pavan Karthick M, a threat intelligence researcher at CloudSEK, in a blog post detailing the issue.

‘It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.’

Google’s security issue was released by Pavan in his report entitled ‘Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’.

Protecting Your Google Account

To protect your Google account from this type of attack, consider the following steps:

• Regularly clear your cookies: This can prevent hackers from accessing your authentication cookies.
• Enable Enhanced Safe Browsing: This feature in Chrome can protect against phishing and malware downloads.
• Regularly change your password: Even though this exploit allows hackers to bypass passwords, regularly changing your password can still provide an extra layer of security.
• Enable two-factor authentication or 2-Step Verification: This adds an additional layer of security by requiring a second form of verification when logging in.

Key Takeaways

• Security researchers have discovered a method for hackers to access Google accounts without passwords, utilising third-party cookies.
• The exploit allows cybercriminals to bypass two-factor authentication and has already been actively tested.
• Google is aware of the malware threat and has taken action to secure any compromised accounts, urging users to enhance browser safety settings.
• The report by CloudSEK underlines the importance of continuously monitoring vulnerabilities and indicates that even resetting passwords may not thwart attackers.

For directions to turn on Enhanced Safe Browsing in Google Chrome, click here.

What are your thoughts on this new hacking method? Have you taken steps to protect your Google account? Share your experiences and tips in the comments below.

I wouldn't use Chrome for $h!t !!! Can't stand that browser. It is weak and pathetic. (just like Norton). I have layered security and tweaked everything along with it. I use a different browser that i installed google onto. i have alerts set to let me know when & if there is a problem and it is caught/quarantined for me to deal with.
Besides that i have nothing of use to anyone on the computer anyway - anything that is of use is never left on the computer or is destroyed by the security. Not that anyone would want pictures of my cat or see how far i am up to on a game.
Keep your eye on your security and the apps/programes up to date and you are less likely to cop an attack.