Friday, December 29, 2023

PRISMA's Cat and Mouse Game - Cracking Google's MultiLogin Mystery

CloudSEK, a cyber security firm, found a sneaky way hackers can mess with Google accounts, and it's a bit of a head-scratcher. This method lets them stay logged in, even after the account's password has been changed. Sounds wild, right?

For starters, Google uses a system called OAuth2 for keeping things secure. It's like a fancy bouncer at a club, making sure only the right people get in. But these hackers, led by someone calling themselves PRISMA, figured out a trick to keep the party going.

They found a secret spot in Google's system, a hidden door called "MultiLogin." It's a tool Google uses to sync accounts across different services. The hacker PRISMA exploited this door, creating malware called Lumma Infostealer to do the dirty work.

Now, the clever part is, even if you change your passwords, these hackers can keep sipping on their virtual cocktails. The malware they created knows how to regenerate these secret codes, called cookies, that Google uses to verify who you are.

CloudSEK's researchers say this is a serious threat. The hackers aren't just sneaking in once—they're setting up camp. Even if you kick them out by changing your password, they still have a way back in. It's like changing the locks on your front door, but they somehow still have a secret master key.

Researchers tried reaching out to Google to spill the beans, but so far, it's been crickets. No word from the tech giant on how they plan to deal with this sneaky hack.

So, here we are, in a world where even resetting your password might not be enough to kick out the virtual party crashers. Stay tuned to see how Google responds to this unexpected security hiccup.

The exploit uses Google's MultiLogin endpoint, enabling malware (Lumma Infostealer) to regenerate cookies, providing continued unauthorized access.

by Irfan Ahmad via Digital Information World