Multiple malware programmes that steal information Families are logging into users’ accounts, even after changing the password, by leveraging the “MultiLogin” undocumented Google OAuth interface.A unique kind of browser cookie known as a session cookie holds authentication data, enabling users to instantly log in to websites and services without having to input their login credentials.Since these cookies are designed to expire, threat actors cannot utilise stolen ones to access accounts forever.
This is reported in an article by CloudSEK and Hudson Rock, as well as BleepingComputer. Essentially, this flaw allows malware to be installed on a desktop computer in order to “extract and decode login tokens contained within Google Chrome’s local database.” In order to get access to Google accounts, a new virus that targets Chrome users has been discovered by CloudSEK and Hudson Rock. This malware relies on cookie trackers. The “Lumma Infostealer” spyware discovered unique access to accounts through this most recent revelation, and it just revealed an upgrade to its software.
The reason why it may occur without consumers realizing they are being accessed by threat actors is because the infamous cookies are allowing it to happen. These cookies restore Google cookies that have expired by using a newly discovered key to query its API. Of utmost worry is the possibility of doing this “restoration” procedure again in the event that the victim remains unaware of their compromise. The fact that the malicious actor may use this exploit one more time to access your account even after you’ve reset your Google Account password makes matters worse.
According to CloudSEK, this URL-abusing malware retrieves tokens and account IDs from Chrome profiles that are signed into Google accounts. Both the service (GAIA ID) and the encrypted token are important bits of information in this stolen data. The infamous cookies are authorising it and restoring expired Google cookies using a newly discovered key that makes queries to its API, it might occur without users realising they are being accessed by threat actors. For threat actors, the only drawback is having to install malware on a device, but this is simple because anybody can trick people using emails, links, and clickbait.
