Safety researchers just lately warned of recent malware able to reviving expired authentication tokens through a Google Chrome API.
The function is a one-off, however nonetheless harmful because it permits menace actors to stay logged into their victims’ Google accounts for longer.
Nonetheless Google is now trying to downplay the significance of the vulnerability, basically stating it’s not more than easy session cookie theft.
Vulnerability, or is it?
In an announcement shared with BleepingComputer, the search engine big stated: “Google is conscious of current reviews of a malware household stealing session tokens. Assaults involving malware that steal cookies and tokens will not be new; we routinely improve our defenses in opposition to such methods and to safe customers who fall sufferer to malware. On this occasion, Google has taken motion to safe any compromised accounts detected.”
Citing folks accustomed to the matter, the publication additional acknowledged that Google doesn’t actually see this as a vulnerability, and as an alternative believes the API works as meant. The search engine behemoth suggested customers to sign off of their Chrome browser and kill all lively classes through g.co/mydevices, as that may invalidate the Refresh token.
“Within the meantime, customers ought to frequently take steps to take away any malware from their laptop, and we advocate turning on Enhanced Secure Looking in Chrome to guard in opposition to phishing and malware downloads,” Google added.
The recommendation is sound, however that is one thing folks not often do proactively, and by the point they’re contaminated with malware, it’s already too late.
In late November 2023, cybersecurity researchers from Hudson Rock warned that the most recent model of the Lumma infostealer was noticed with the ability to restore expired Google cookies. The group found an advert for the function posted on a darkish net discussion board which stated that the model launched on November 14 can “restore lifeless cookies utilizing a key from restore recordsdata.” The advert additional stresses that this solely applies to Google cookies.