Security News > 2023 > November > Lumma malware can allegedly restore expired Google auth cookies
The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Restoring these cookies would allow Lumma operators to gain unauthorized access to any Google account even after the legitimate owner has logged out of their account or their session has expired.
Hudson Rock's Alon Gal first spotted a forum post by the info-stealer's developers highlighting an update released on November 14, claiming the "Ability to restore dead cookies using a key from restore files."
BleepingComputer has contacted Google multiple times requesting a comment on the possibility of malware authors having discovered a vulnerability in session cookies, but we have yet to receive a response.
If information-stealers can indeed restore expired Google cookies as promoted, there's nothing that users can do to protect their accounts until Google pushes out a fix besides preventing the malware infection that leads to the theft of those cookies.
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware.
News URL
Related news
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Azure domains and Google abused to spread disinformation and malware (source)
- Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (source)
- New Voldemort malware abuses Google Sheets to store stolen data (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)