Hackers have discovered a new method of infiltrating Google accounts without knowing the user’s password. All they need is an expired cookie, which they can then use to gain unauthorized access. This attack method has been adopted by several hacker groups, such as Lumma, Rhadamanthys, Stealc, Medusa, RisePro, and Whitesnake. Despite this serious threat, Google does not consider it a problem.
Malware as a threat
Attacks using malicious software to steal session tokens, cookies, and other data are not new. However, Google does not view this situation as extraordinary. The company claims to routinely enhance its security measures to protect users from such attacks. Nevertheless, Google has taken appropriate actions to secure infected accounts.
How to respond to the threat?
However, BleepingComputer suggests that Google does not take this matter seriously enough. The company only recommends that individuals affected by this new type of attack log out of their Google account in the Chrome browser and close all active sessions using the g.co/mydevices page. It is also advisable to change the password. However, there is no information about the development of new solutions that would prevent the exploitation of expired cookies to gain unauthorized access to an account.
FAQ:
What is an expired cookie?
An expired cookie is a text file that stores data on the user’s computer. Sometimes cookies have a specified expiration date, after which they are deleted. However, in the case of hacker attacks, an expired cookie can be used for unauthorized access.
What are the consequences of hacking a Google account?
Compromising a Google account can lead to unauthorized access to other accounts associated with the same email address, such as email accounts, social media accounts, or bank accounts. Hackers may also have access to the user’s private data, such as photos, messages, and documents.
How can I protect my account against hacker attacks?
To secure your Google account, it is recommended to use strong passwords, enable two-factor authentication, and regularly check for suspicious activity on the account. Always remember to update your software to ensure the latest security measures.
Source: BleepingComputer – [Link to the original article]
The source of the article is from the blog aovotice.cz