Many hacker groups are taking advantage of a dangerous vulnerability that allows cookie recovery to take over Google accounts.
According to TechRadar, cybersecurity company CloudSEK recently discovered a vulnerability in Google services that could allow attackers to gain access to victims’ Google accounts, even if they have changed their passwords. This vulnerability was discovered in October 2023 and has since been exploited by many different cybercriminal groups. Users need to be aware of this vulnerability and take steps to protect their online security.
According to CloudSEK, a vulnerability in Google services allows attackers to manipulate login tokens to create cookies that can be stored for a long time, granting them continuous access to the victim’s account even after the password has been changed. At least six cybercriminal groups, including Lumma, Rhadamanthys, Risepro, Meduza, Stealc, and White Snake, are actively exploiting this vulnerability.
One point of concern is that this vulnerability affects both Google OAuth and MultiLogin services, which are used to connect Google accounts to other services. This means that attackers can not only access email accounts but also gain access to other services such as Drive, YouTube, and Docs.
To protect yourself from the recently discovered vulnerability in Google’s OAuth and MultiLogin services, it is recommended that users exercise caution with links of unknown origin, keep their software up to date, use strong passwords, and enable multi-factor authentication. While Google has not yet made an official announcement about the vulnerability, taking these precautions can help safeguard your online security.