Google password resets not enough to stop these info-stealing malware strains

Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed.
A zero-day exploit of Google account security was first teased in October 2023 by a cybercriminal known as "PRISMA", who boasted that the technique could be used to log back into a victim's account even after the password is changed.
It turns out that these tokens can still be used to log in even if the user realizes they've been compromised and changes their Google password.
Reverse engineering the infostealer malware revealed that the account IDs and auth-login tokens from logged-in Google accounts are taken from the token service table of WebData in Chrome.
The Register approached Google for information about its plans to address the threat and had not received a response at the time of publication.
As we said, changing your password, logging out, and logging back in again looks like it will prevent tokens from being revived.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/02/infostealer_google_account_exploit/