Malware appears to attack Google accounts

According to TechRadar , cybersecurity firm CloudSEK recently discovered a serious vulnerability in Google services that allowed attackers to gain access to victims' Google accounts, even if they had changed their passwords. This vulnerability was discovered in October 2023 and was quickly exploited by various cybercriminal groups.

The vulnerability works by manipulating login tokens to create persistent cookies, allowing attackers to continue accessing victims' accounts even after passwords have been changed. According to CloudSEK, at least six cybercriminal groups are actively exploiting the vulnerability, including Lumma, Rhadamanthys, Risepro, Meduza, Stealc, and White Snake.

One worrying point is that this vulnerability involves both Google OAuth and MultiLogin services, which are used to connect Google accounts to other services. This means that attackers can not only infiltrate emails, but also gain access to other services such as Drive, YouTube, Docs...

Currently, Google has not yet made an official announcement about this vulnerability and how to fix it. However, to protect yourself, users should be careful with links from unknown sources, update software regularly, use complex passwords and especially activate multi-factor authentication.