Your Google Account May Be at Risk — Hackers Find a Way to Gain Access Without a Password

Cybercriminals can potentially access Google accounts even without a password, security researchers have warned. Uncovered by security firm CloudSEK, the hack involves the implementation of dangerous malware that can gain unauthorized access to user data using third-party cookies.

The hack in question was originally revealed in October 2023 by a hacker named PRISMA, when the threat actor posted about it in a Telegram messenger channel. In its post, CloudSEK provided a detailed explanation of how Google accounts lay vulnerable to the hack.

How Can Hackers Gain Access to Your Google Account by Exploiting Browser Cookies?

The security of Google accounts can potentially be compromised by exploiting a vulnerability in cookies, CloudSEK explained. Browsers and websites use cookies to improve their usability and efficiency by tracking the users.

The cookies exploited in this case are the Google authentication cookies, which save users the time and hassle of entering their login details to be able to access their accounts.

Hackers, however, have discovered a way to retrieve these cookies, which they then use to bypass two-factor authentication.

Pavan Karthick M, a threat intelligence researcher at CloudSEK, went on to add that the newly discovered exploit allows constant access to Google's services even if the user resets their password.

It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats.Pavan Karthick M

The vulnerability and its potential exploit shed focus on the level of the stealth and complexity of modern-day cyberattacks warned the researchers who initially discovered it.

Both technical vulnerabilities and information human intelligence sources have to be constantly monitored to protect yourself from new-age cyber threats, Pavan Karthick M mentioned.

The post from CloudSEK also goes on to add that cyber attackers exploiting the method can generate valid cookies in the event of a session disruption. This enables the attacker to maintain unauthorized access with significantly improved efficacy.

Several hacking groups have already been testing the exploit, CloudSEK reported. A malware named Lumma Infostealer that incorporates the exploit was deployed on October 14. Other similar malware such as Stealc Stealer, Meduza, Risepro, Rhadamanthys, White Snake, and others followed soon.

Google Claims to Have Taken Action Already

Google issued a statement assuring that it regularly upgrades its defenses against techniques and plays its role in securing users falling victim to malware.

Google advised users to frequently check for malware in their computers and remove them.

The tech giant also added that it had already taken action to secure any compromised Google accounts it detected.

The tech giant also recommended that users activate Enhanced Safe Browsing on Chrome to protect themselves from malware downloads and phishing attacks.

Google Chrome happens to be the world's most popular web browser, having secured a market share of over 60% last year.

Google is currently cracking down on third-party cookies on Chrome in a bid to move away from the practice. Instead, the tech giant rolled out the Topics API earlier last year.

A part of the Privacy Sandbox by Google, this Javascript API will supposedly replace third-party cookies. It will instead enable websites to ask the browser for necessary information directly.

The post Your Google Account May Be at Risk - Hackers Find a Way to Gain Access Without a Password appeared first on The Tech Report.