Security News > 2024 > January > Google password resets not enough to stop these info-stealing malware strains
Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed.
A zero-day exploit of Google account security was first teased by a cybercriminal known as "PRISMA" in October 2023, boasting that the technique could be used to log back into a victim's account even after the password is changed.
It turns out that these tokens can still be used to login even if the user realizes they've been compromised and change their Google password.
Reverse engineering the infostealer malware revealed that the account IDs and auth-login tokens from logged-in Google accounts are taken from the token service table of WebData in Chrome.
The Register approached Google for information about its plans to address the threat and had not received a response at the time of publication.
As we said, changing your password and logging out, and back in again looks like it will prevent tokens from being revived.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/02/infostealer_google_account_exploit/
Related news
- Google Chrome adds app-bound encryption to block infostealer malware (source)
- Google ads push fake Google Authenticator site installing malware (source)
- Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware (source)
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Azure domains and Google abused to spread disinformation and malware (source)