Beware of this clever Google attack that steals your expired cookies| Trending Viral hub

A new exploit threat allows hackers to access your Google account using expired cookies containing your login information. The exploits, which were discovered late last year, target session cookies, which only have a limited lifespan. However, they can “revive” those cookies, putting your personal information at risk.

A hacker called PRISMA revealed for the first time that he had found a way to recover expired Google session cookies. Since then, the cybersecurity company CloudSEK discovered an exploit in a program that allows users to sync their Google accounts across multiple devices. Now, hackers are using that exploit to steal your login and other information. Here’s a breakdown of how it all played out and how you can protect yourself.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY PRACTICES TO MAKE YOU SMARTER

Beware of this clever Google attack that steals your expired cookies

Google Chrome home page (Kurt “CyberGuy” Knutsson)

Exploiting Google Multiple Sign-In

As reported by beepcomputer, certain strains of malware have discovered a backdoor in Google’s authentication system. The vulnerability lies in the MultiLogin endpoint, which remains undocumented and largely unknown to the public. This clandestine gateway allows threat actors to reactivate expired authentication cookies, granting unauthorized access to users’ Google accounts.

Beware of this clever Google attack that steals your expired cookies

Google Chrome home page (Kurt “CyberGuy” Knutsson)

MORE: BEWARE OF THIS MCAFEE GOOGLE CHROME AD SCAM

The role of session cookies

Before we delve deeper, let’s understand the function of session cookies. These specialized browser cookies contain authentication information. If you’ve ever experienced the convenience of returning to a site without re-entering your credentials, you’ve come across session cookies. However, its design intentionally limits its useful life to prevent prolonged unauthorized access.

MORE: HOW GOOGLE DATA CAN MAKE YOU SUSPECT OF A CRIME YOU DIDN’T COMMIT

The Connection of Lumma and Rhadamanthys

In November last year, cybercriminals associated with the Lumma and Rhadamanthys data-stealing malware strains made a bold claim: They could resurrect expired Google authentication cookies stolen during cyberattacks. Armed with these seemingly inactive cookies, a hacker gains access to the victim’s Google account, even if the user logged out, reset their password, or their session expired.

The revelation of PRISMA

The origins of the exploit can be traced back to a post on Telegram by a threat actor known as PRISMA. In October, they unveiled their discovery: a method to restore Google authentication cookies that had reached their expiration date. This revelation set the stage for further investigation.

CloudSEK research

Get into CloudSEK, a cybersecurity firm committed to predicting and preventing cyberattacks. Their researchers took up the challenge and reverse engineered the exploit. Their findings revealed that the MultiLogin endpoint served as a hub for hackers. This undocumented feature makes it easy to synchronize accounts between multiple Google services, making it an ideal target for nefarious activities by malicious actors.

Beware of this clever Google attack that steals your expired cookies

Google Chrome home page (Kurt “CyberGuy” Knutsson)

MORE: GOOGLE FINALLY SUPPORTS DATA COLLECTION IN CHROME’S INCOGNITO MODE

Protection against the MultiLogin exploit

The MultiLogin exploitation raises serious concerns for those of you who are Google account holders. To protect yourself against this threat, consider the following steps:

1) Log out of the affected browser: Google is aware of this issue and has taken steps to protect compromised accounts. Google’s recommendation is to simply log out of the affected browser to revoke session cookies.

2) Improved Safe Browsing: Enable enhanced safe browsing in Chrome for additional protection against malware and phishing attacks.

On your computer:

  • Open Google Chrome on your computer
  • Click the initial in the upper right corner of the browser window
  • Tap Manage your Google account
  • Click Security on the left
  • Low Improved secure browsing for your account – make sure it is turned In

On your smartphone:

  • Open Google Chrome on your computer
  • Click the initial in the upper right corner of the browser window
  • Tap Google Account
  • Click Security
  • Scroll down and below Improved secure browsing for your account – make sure it is turned In

3) Periodically change passwords: Change your Google password regularly to keep your account safe from hackers. If you are having difficulty creating new passwords, consider using a password manager.

4) Have good antivirus software on all your devices: The best way to protect yourself from a data breach is to have antivirus protection installed on all of your devices. Choose the best option for your personal computer, Mac, iPhone either Android smartphone. Having good antivirus software actively running on your devices will alert you to any malware on your system, warn you against clicking on malicious links in phishing emails, and ultimately protect you from being hacked. Get my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.

Kurt’s Key Takeaways

In light of recent attacks targeting Google accounts via resurrected session cookies, it is imperative to strengthen our defenses against these types of cyber threats. From the initial discovery by PRISMA to subsequent investigations by CloudSEK, vulnerabilities in Google’s MultiLogin endpoint have now been exposed.

To protect your account, be sure to log out of affected browsers, enable Enhanced Safe Browsing, regularly update passwords, and have good antivirus software on all your devices. By implementing these security measures, you can thwart attempts to compromise your online privacy and safeguard your digital identities.

How important do you think it is for technology companies like Google to continually update and improve their security protocols to protect you from evolving cyber threats? Let us know by writing to us at Cyberguy.com/Contact.

For more tech tips and security alerts, sign up for my free CyberGuy Report newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or tell us what stories you’d like us to cover..

Answers to the most frequently asked questions about CyberGuy:

Copyright 2024 CyberGuy.com. All rights reserved.

Check Also

LELO SIRI 3: LELO just launched a sound-activated vibrator| Trending Viral hub

GET TO KNOW SIRI 3: LELO just added the SIRI 3, a sound-activated vibrator, to …

Apple Watch Series 8 is $200 off and at a record price| Trending Viral hub

Save $200: As of February 26, the Apple Watch Series 8 45mm It’s only $229 …

Best Amazon Fire tablet deal: Fire Max 11 has lowest price ever at Woot| Trending Viral hub

SAVE $90: Starting February 26 Amazon’s Fire Max 11 tablet – the brand’s biggest and …

Leave a Reply

Your email address will not be published. Required fields are marked *