Cybersecurity researchers have sounded the alarm over a critical vulnerability allowing hackers to access Google accounts without passwords. This exploit, discovered in October 2023, leverages malware that targets third-party cookies used by Google accounts for authentication.
Services like Malwarebytes offer multi-layered protection against exploits like the one targeting Google accounts through third-party cookies. Malwarebytes Personal and Premium can detect and remove the malicious software used in this attack, preventing it from stealing your cookies in the first place.
Browser Guard adds another line of defence by blocking malicious websites and trackers that might try to exploit vulnerabilities. Furthermore, Malwarebytes Privacy VPN encrypts your online traffic, making it significantly harder for hackers to intercept your cookies even if malware infects your device.
By using these services in combination, you can significantly reduce your risk of falling victim to this type of exploit and protect your Google account and other online identities.
What Google account users should know
The hack
Hackers exploit a flaw in how Google’s authentication system handles cookies. These cookies, meant to streamline logins, can be intercepted by the malware, granting attackers access to the account even after password resets. This bypasses even two-factor authentication, adding another layer of concern.
Impact and response
While Google has secured compromised accounts and continues to improve its defences, individual users remain vulnerable. Researchers and Google advise taking proactive steps like removing malware and enabling Chrome’s “Enhanced Safe Browsing” feature.
Complexity and significance
This hack highlights the evolving sophistication of cyber threats. Pavan Karthick M, the researcher who first uncovered the vulnerability, emphasises the need for continuous monitoring and intelligence gathering to stay ahead of these evolving threats.
Call to action
All Google users should be vigilant and take recommended security measures to protect their accounts. This incident underscores the importance of staying informed about evolving cyber threats and adopting robust security practices.
Additional details:
- The exploit leverages an undocumented Google OAuth2 functionality.
- The hack was first made public on a Telegram channel in October 2023.
- A detailed report on the vulnerability titled “Compromising Google Accounts: Malware Exploiting Undocumented OAuth2 Functionality for session hijacking” is available from CloudSEK.
10 steps users can follow to protect Google accounts
Here are 10 steps you can follow to protect yourself from the Google account cookie exploit:
Install and regularly update antivirus and anti-malware software
Use reputable software like Malwarebytes Personal or Premium to detect and remove malware that could steal your cookies.
Enable enhanced safe browsing in Chrome
This feature helps block malicious websites and downloads that could lead to malware infections.
Use a VPN
A VPN encrypts your online traffic, making it harder for hackers to intercept your cookies, even if malware is present. Malwarebytes Privacy VPN is a good option.
Be cautious about email attachments and links
Don’t open attachments or click links from unknown or suspicious sources, as they could contain malware.
Avoid downloading software from untrusted websites
Stick to official app stores and websites to download software to reduce the risk of malware infections.
Keep your software and operating system up to date
Install security patches promptly to address newly discovered vulnerabilities.
Use strong, unique passwords for all your online accounts
Avoid using the same password for multiple accounts, and make sure your passwords are complex and difficult to guess.
Enable two-factor authentication (2FA) on your Google account
This adds an extra layer of security, even if your password is compromised.
Regularly check your Google account activity
Look for any suspicious logins or activity that you don’t recognise.
Be vigilant about phishing scams
Phishing emails try to trick you into revealing personal information or clicking on malicious links. Be cautious of emails that claim to be from Google or other reputable companies.
Google accounts remain vulnerable despite hack fix: Protect yourself!
While Google has addressed a recent vulnerability that allowed attackers to hijack Google accounts even after password resets, individual users still face risks. This incident highlights the ever-evolving nature of cyber threats and the importance of robust security practices for all Google account users.
Here’s a call to action:
- Be vigilant and take recommended security measures to safeguard your Google accounts.
- Stay informed about evolving cyber threats and adopt robust security practices.
Remember, protecting your Google accounts is crucial in today’s digital landscape. Follow the recommended steps and stay vigilant to stay ahead of potential threats.