The stolen token:GAIA ID pairs can then be used together with MultiLogin to continually regenerate Google service cookies even after passwords have been reset, and those cookies can be used to log in. In Lumma's case, each token:GAIA ID pair is encrypted by the malware, masking the finer details of the mechanism.

Pavan Karthick M, threat intelligence researcher at CloudSEK, reckons the discovery provides evidence of cybercriminals' high degree of sophistication.

"It signifies a shift in the landscape of malware development, where the emphasis is increasingly on the concealment and protection of exploit methodologies, as much as on the effectiveness of the exploits themselves," he said. "The tactical decision to encrypt the exploit's key component showcases a deliberate move towards more advanced, stealth-oriented cyber threats," he added.

The encryption of the traffic between the malware's C2 and MultiLogin also lessens the chances of standard security measures detecting the malicious activity, Karthick said, since encrypted traffic is more likely to be overlooked.

In a more recent update, however, Lumma introduced SOCKS proxies to bypass Google's IP-based restrictions on token regeneration. In doing so, the malware's developers now expose some details of the requests and responses, potentially undoing some of their earlier efforts to conceal the functionality's inner workings.

The Register approached Google for information about its plans to address the threat and had not received a response at the time of publication. ®

Updated to add at 1009 UTC on January 3, 2024

"Google is aware of recent reports of a malware family stealing session tokens," a spokesperson told us. "Attacks involving malware that steal cookies and tokens are not new; we routinely upgrade our defenses against such techniques and to secure users who fall victim to malware."

In this instance, Google has taken action to secure any compromised accounts detected.

Google has confirmed that if you've had your session tokens stolen by local malware, don't just change your password: log out to invalidate those cookies, and/or revoke access to compromised devices. As we said, changing your password and then logging out entirely and back in again looks like it will prevent tokens from being revived. We'll let you know if that turns out to be the case.
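The regeneration path and the remediation advice described above, as an added illustration that is not from the article, from CloudSEK or from Google: a toy identity provider written in Python with an invented API (register, login, regenerate_cookie, change_password, revoke_device, logout_everywhere) and a hypothetical account "gaia-1". It models a long-lived token bound to an account identifier and a device, a cookie-regeneration call that checks only the token:ID pair, and two policies for what a password change revokes. Under the weak policy a password reset invalidates the existing cookies but the stolen pair keeps minting new ones until the device grant is revoked or the user logs out everywhere; under the strict policy the reset also revokes the grants. Nothing here reflects how Google's MultiLogin endpoint actually works; it only shows why revoking the grant, not just the credential, is what ends the session.

```python
"""Toy model: a password reset alone does not stop cookie regeneration.

Hypothetical identity provider, constructed for illustration. It is NOT
Google's implementation and the API names are invented.
"""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Grant:
    """Long-lived token state bound to one account (GAIA ID) and one device.

    Stands in for the kind of token an infostealer exfiltrates and pairs
    with the account's GAIA ID to mint fresh service cookies.
    """
    gaia_id: str
    device: str
    revoked: bool = False


class ToyIdentityProvider:
    def __init__(self, revoke_grants_on_password_change: bool):
        # Policy knob: does a password change also revoke long-lived grants?
        self.revoke_grants_on_password_change = revoke_grants_on_password_change
        self._password_hash = {}   # gaia_id -> sha256 hex of password
        self._grants = {}          # token -> Grant
        self._cookies = {}         # cookie -> gaia_id (active service cookies)

    @staticmethod
    def _hash(password: str) -> str:
        # Toy hash; a real system would use a slow, salted password hash.
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, gaia_id: str, password: str) -> None:
        self._password_hash[gaia_id] = self._hash(password)

    def login(self, gaia_id: str, password: str, device: str):
        """Password login issues a long-lived token plus a service cookie."""
        if self._password_hash.get(gaia_id) != self._hash(password):
            return None
        token = secrets.token_urlsafe(16)
        self._grants[token] = Grant(gaia_id, device)
        return token, self._mint_cookie(gaia_id)

    def _mint_cookie(self, gaia_id: str) -> str:
        cookie = secrets.token_urlsafe(16)
        self._cookies[cookie] = gaia_id
        return cookie

    def regenerate_cookie(self, token: str, gaia_id: str):
        """Cookie regeneration from a token:GAIA ID pair.

        This path never consults the password, which is exactly why a
        reset on its own cannot stop an attacker holding a stolen pair.
        """
        grant = self._grants.get(token)
        if grant is None or grant.revoked or grant.gaia_id != gaia_id:
            return None
        return self._mint_cookie(gaia_id)

    def cookie_is_valid(self, cookie: str) -> bool:
        return cookie in self._cookies

    def change_password(self, gaia_id: str, new_password: str) -> None:
        self._password_hash[gaia_id] = self._hash(new_password)
        # Existing cookies die on reset either way; grants only under strict policy.
        self._drop_cookies(gaia_id)
        if self.revoke_grants_on_password_change:
            self._revoke_grants(gaia_id)

    def logout_everywhere(self, gaia_id: str) -> None:
        """'Log out to invalidate those cookies': kills cookies and grants."""
        self._drop_cookies(gaia_id)
        self._revoke_grants(gaia_id)

    def revoke_device(self, gaia_id: str, device: str) -> None:
        """'Revoke access to compromised devices': kills that device's grants."""
        for g in self._grants.values():
            if g.gaia_id == gaia_id and g.device == device:
                g.revoked = True

    def _revoke_grants(self, gaia_id: str) -> None:
        for g in self._grants.values():
            if g.gaia_id == gaia_id:
                g.revoked = True

    def _drop_cookies(self, gaia_id: str) -> None:
        self._cookies = {c: g for c, g in self._cookies.items() if g != gaia_id}


def run_scenario(revoke_on_password_change: bool) -> dict:
    """Victim logs in, malware steals the token:GAIA ID pair, victim responds."""
    idp = ToyIdentityProvider(revoke_on_password_change)
    idp.register("gaia-1", "old-password")                     # hypothetical account
    token, cookie = idp.login("gaia-1", "old-password", device="victim-laptop")
    stolen_pair = (token, "gaia-1")                             # what the stealer exfiltrates
    result = {}
    idp.change_password("gaia-1", "new-password")
    result["cookie_after_reset"] = idp.cookie_is_valid(cookie)
    fresh = idp.regenerate_cookie(*stolen_pair)
    result["regen_after_reset"] = fresh is not None and idp.cookie_is_valid(fresh)
    idp.revoke_device("gaia-1", "victim-laptop")
    result["regen_after_device_revoke"] = idp.regenerate_cookie(*stolen_pair) is not None
    idp.logout_everywhere("gaia-1")
    result["regen_after_logout"] = idp.regenerate_cookie(*stolen_pair) is not None
    return result


if __name__ == "__main__":
    print("weak policy:  ", run_scenario(revoke_on_password_change=False))
    print("strict policy:", run_scenario(revoke_on_password_change=True))
```

Run it and compare the two lines: under the weak policy the reset kills the live cookie yet the stolen pair still mints a valid new one, and only the device revocation or the full logout ends it; under the strict policy the reset alone is enough. The design point for anyone building session handling is that a credential change must also revoke the grants that can recreate sessions, otherwise the user's most natural response does nothing.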