Date: 2024-01-02

In recent years, the methods used by cybercriminal groups to gain access to other people's devices have grown increasingly sophisticated. One of the clearest examples is the latest malware to be detected, which is affecting Google accounts, with millions of active devices around the world. This new malware seeks to access the local Google Chrome database and tries to steal all the passwords and the rest of the information stored inside.

Although the malware was revealed on October 20, more information about its operation was only obtained a few days ago. This method would be able to restore expired authentication cookies, so that even if the account password has recently been changed, an attacker would be able to log in to the account without anything preventing it.

A vulnerability to steal all your data

Specialized media such as BleepingComputer have reported on this new vulnerability. Login cookies are designed to have a limited lifespan, so under normal conditions they cannot be used indefinitely. Google uses them so that any user can access their Google account automatically, without having to enter their credentials. This is why, despite having saved our username and password in the browser, every so often we must enter our details manually: the cookies in question have expired.

The system is designed to send a request to the Google API to create stable, persistent cookies that can be used to authenticate on our behalf and access our user account. The vulnerability is so recent that it is currently unknown whether activating two-factor authentication, or any of the other measures we are used to taking when this type of security breach is detected, would keep our account safe from this situation.

Unlimited account access

Although the most common response in these cases is to change the passwords of our accounts, there is currently no information on whether this exploit could have unlimited access to our accounts by taking advantage of this security gap, although everything seems to indicate that this is indeed the case.

The same outlet mentioned above states that those who have this exploit in their possession are already selling it to groups of cybercriminals so that they can take advantage of the opportunities it offers. In addition, it seems that improvements have been made to the exploit that are capable of evading the countermeasures Google implemented once this situation was detected.

Although Google has not yet commented on the matter, nor released critical security updates in recent days to deal with this new form of malware, it is important to stay alert and always download the latest versions of the Google browser from Google Chrome itself, avoiding unknown sources that could compromise the security of our data.