A new exploit on Chrome lets hackers compromise Google accounts and maintain access without the need for passwords. Now, Google has responded to the cookie-stealing malware vulnerability, stating it “has taken action to secure any compromised accounts detected.”

As Cybernews reports, the zero-day exploit is used by a new type of infostealer malware that exfiltrates cookies, tokens, and account IDs from logged-in Chrome profiles, letting threat actors break into accounts and stay in a session by using regenerative cookies.

Known malware groups, including Stealc Stealer, Rhadamanthys, Meduza, and more, are now jumping on the dangerous malware trend. According to a report by cybersecurity company CloudTEK and Hudson Rock, developer PRISM discovered the exploit in October 2023 and provided a video demonstration. A cybercriminal used the exploit in malware named “Lumma Infostealer.”

Google is now taking action against the malware, with a spokesperson suggesting that these attacks aren’t new:

“Google is aware of recent reports of a malware family stealing session tokens,” said Kim Samra, Security Communications Manager for Google. “Attacks involving malware that steal cookies and tokens are not new; we routinely upgrade our defenses against such techniques and to secure users who fall victim to malware.”

While many previously believed affected users wouldn’t be able to revoke stolen tokens or cookies, Samra states there is a simple way to stop access to stolen accounts.

“It’s important to note a misconception in reports that suggests stolen tokens and cookies cannot be revoked by the user. This is incorrect, as stolen sessions can be invalidated by simply signing out of the affected browser, or remotely revoked via the user’s devices page. We will continue to monitor the situation and provide updates as needed.”

While Google deals with the malware, the company recommends that users turn on Enhanced Safe Browsing on Chrome to remove malware on their device. It’s one of the best ways to stop any malware on Chrome, along with using one of the best antivirus programs.

How to turn on Enhanced Safe Browsing on Chrome

It’s a good idea to stay safe on Chrome while browsing, especially with a new cookie-based infostealer malware in the wild. It’s simple to do, as all you need to do is head into settings on Chrome.

  1. Open your Google Account

    On your Google Chrome browser, click on your Google Account icon (profile picture) on the top-right corner. Then select Manage your Google Account.

  2. Select Security

    On the left sidebar, choose the Security tab.

  3. Turn on Enhanced Safe Browsing

    Scroll down to Enhanced Safe Browsing for your account. Here, select Manage Enhanced Safe Browsing. Toggle the switch to turn on Enhanced Safe Browsing.

Enhanced Safe Browsing offers “faster and more proactive protection against dangerous websites, downloads, and extensions.” It may slow down your browser, but it will keep you protected from any malicious software looking to take over your Google account.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.
