GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account.
"The vulnerability allows attackers to gain permanent and unremovable access to a victim's Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim's personal data exposed forever," Astrix said in a report.
In a nutshell, the flaw makes it possible for an attacker to hide their malicious app from a victim's Google account application management page, thereby effectively preventing users from revoking its access.
The kind of data that can be accessed depends on the permissions granted to the app, which the adversaries can abuse to delete files from Google Drive, write emails on the victim's behalf to perform social engineering attacks, track locations, and exfiltrate sensitive data from Google Calendar, Photos, and Drive.
"Once the malicious app has been authorized, an attacker exploiting the vulnerability can bypass Google's "Apps with access to your account" management feature, which is the only place where Google users can view third-party apps connected to their account."
The development comes as Google Cloud fixed a privilege escalation flaw in the Cloud Asset Inventory API dubbed Asset Key Thief that could be exploited to steal user-managed Service Account private keys and gain access to valuable data.
News URL
https://thehackernews.com/2023/04/ghosttoken-flaw-could-let-attackers.html