
A new information-stealing malware has appeared on the scene. It exploits an undisclosed Google OAuth endpoint called MultiLogin to refresh expired authentication cookies and log into user accounts even if the account's password has been reset. The website BleepingComputer reported on it.

At the end of November last year, BleepingComputer reported on spyware called Lumma that can restore expired Google authentication cookies in cyberattacks. These cookies would allow cybercriminals to gain unauthorized access to Google accounts even after their owners log out, reset their passwords, or their session expires. Citing a CloudSEK report, the website has now described how this zero-day attack works.

In short, the flaw essentially allows malware installed on a desktop computer to "extract and decode credentials contained in Google Chrome's local database." CloudSEK has discovered a new virus that targets Chrome users to gain access to Google accounts. This dangerous malware relies on cookie trackers.

The reason this can happen without users realizing it is that the above-mentioned spyware enables it. It can restore expired Google cookies using a newly discovered querying API key. To make matters worse, cybercriminals can use this exploit one more time to access your account even if you have reset your Google account password.

According to BleepingComputer, it has contacted Google several times about this issue, but has not yet received a response.
