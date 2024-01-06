A recent discovery by security researchers reveals a concerning hack that enables cyber criminals to gain unauthorized access to people’s Google accounts without requiring their passwords. The malware, known as a dangerous form of third-party cookies, has already been actively tested by hacking groups.

The vulnerability with cookies, used by websites and browsers to track users and enhance efficiency, allows hackers to compromise accounts. By obtaining Google authentication cookies, which enable users to access their accounts without frequent login details, the hackers maneuvered past the additional layer of security provided by two-factor authentication.

While Google, whose Chrome web browser holds over 60% of the market share, is in the process of mitigating the issue by crackdown on third-party cookies, security researchers emphasize the complexity and clandestine nature of modern cyber attacks. Continuous monitoring of both technical vulnerabilities and human intelligence sources is crucial to combat emerging threats.

CloudSEK, the security firm that uncovered this exploit, published a report titled ‘Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’, providing comprehensive details on the vulnerability. Google has responded by securing compromised accounts and advises users to regularly scan their systems for malware and enable Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads.

Frequently Asked Questions (FAQ)

What is the exploit discovered by security researchers?

How does the vulnerability in cookies work?

What actions has Google taken to address the issue?

What is the significance of continuous monitoring in combating cyber threats?

