A new attack is targeting Google accounts, allowing hackers to access them without needing the victim’s password.

Since the strategy was posted in a hacking channel on Telegram in October 2023, several hacking groups have already begun implementing the attack to gain access to users’ private data.

According to security researchers from CloudSEK, the attack is a form of malware that uses third-party cookies to gain unauthorized access.

It compromises accounts through a cookie vulnerability, a gap in Google’s authentication cookies that allows users to access their accounts without entering their login details.

Hackers have found a way to retrieve these authentication cookies and bypass two-factor authentication, effectively allowing them to enter a victim’s Google account without needing a password.

This attack is not your regular session hijacking attack. In previous attacks, resetting the password removed the hacker’s access to the account. This new and more sophisticated version is able to revive the session even after the password is changed.

Google is currently trying to crack down on third-party cookies to identify the vulnerability. In a statement, the web browser provider has said it has taken action to secure compromised accounts.

How You Can Protect Yourself

This threat is relatively recent, and as of now, Google has not released extensive information or specific solutions. In this evolving situation, users are urged to adopt enhanced security practices.

Google urges users to do their part in removing malware from their computers, recommending that they turn on Enhanced Safe Browsing on Google Chrome to prevent phishing and malware downloads.

Because the session can be revived even after a password change, traditional defenses are less effective. “To combat this advanced attack, users must log out from all devices and change passwords, which invalidates old session cookies and necessitates re-authentication with new credentials,” explains Christian Orfali, Information Security Advisor at Fortra’s Terranova Security.

For now, here are some protective measures:

  • Avoid unsafe links and downloads: Do not click on links or download files from unknown sources. This basic rule helps evade malware that facilitates such attacks.
  • System updates and patches: Keep your system updated. Apply patches as soon as they become available, especially once Google releases a specific patch for this issue.
  • Disable ‘Remember Me’: Uncheck this option on Google accounts. Manually entering your password each time enhances security.
  • Log out after each session: Always log out, not just close your browser, especially when using multiple devices.
  • Daily security routines: Clear your cookies and log out from all devices daily.
  • Reset password regularly: Changing your password periodically can help secure your account.
  • Review Google device history: Check for unrecognized devices or locations in your Google device history that could indicate a compromised account.

As Google works on addressing this new threat, users are advised to remain vigilant and follow these guidelines to protect their accounts.

In incidents like these, where threats like the sophisticated session hijacking attack are emerging, it becomes increasingly clear that cyber security awareness is not just a luxury but a necessity.

In this context, a knowledgeable user base is critical to staying one step ahead of potential threats.

Our Click and Launch program aligns with this need for continuous cyber security education.

As you consider the broader implications of these security threats, it’s important to recognize that awareness and preparedness are your most reliable allies.
