Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Google cookie restoration. Show all posts

Malware Developer Claims Ability to Reactivate Expired Google Authentication Cookies

 

The Lumma information-stealer malware, known as 'LummaC2,' is reportedly touting a novel functionality that claims to enable cybercriminals to revive expired Google cookies, potentially allowing them to take control of Google accounts. Session cookies, specialized web cookies facilitating automatic login during a browsing session, typically have a limited lifespan for security reasons. This measure prevents misuse in case the cookies are stolen, as possessing them grants access to the account.

The discovery of this feature came to light when Alon Gal from Hudson Rock identified a forum post by the malware's developers on November 14. The post announced an update boasting the "ability to restore dead cookies using a key from restore files (applies only to Google cookies)." Intriguingly, this capability was restricted to subscribers of Lumma's highest-tier "Corporate" plan, priced at $1,000 per month.

The forum post specified that each key could be utilized twice, allowing for a single instance of cookie restoration. While seemingly limiting, this still poses a significant threat, particularly for organizations adhering to robust security practices.

The introduction of this purported feature in recent Lumma releases is awaiting validation by security experts and Google. The uncertainty surrounds whether the functionality performs as claimed. It's noteworthy that another malware, Rhadamanthys, announced a similar capability in a recent update, hinting at a potential security vulnerability exploited by these malicious actors.

Efforts to obtain a comment from Google regarding the possibility of a session cookie vulnerability have been met with silence. Lumma's developers released an update shortly after being contacted by BleepingComputer, positioning it as an additional fix to circumvent new restrictions imposed by Google to hinder cookie restoration.

Despite attempts to glean insights directly from Lumma's operators, they remained tight-lipped about the workings of the feature. When confronted with Rhadamanthys' similar functionality, Lumma's representative asserted that their competitors had imitated the feature without understanding its intricacies.

If the claims about information-stealers restoring expired Google cookies are accurate, users may be powerless to safeguard their accounts until Google issues a fix. Precautions advised include steering clear of torrent files and executables from dubious sources, as well as being cautious with Google Search results.