Info-Stealing Malware Now Includes Google Session Hijacking

a number of malware-as-services Researchers warn that even if a user resets their password, info stealers can now manipulate authentication tokens to grant users ongoing access to a victim’s Google account. Cybersecurity company CloudSEK revealed on Friday that Lumma Stealer, an information-stealing malware that is sold as a service, has had this feature since November.

The weakness, according to the firm’s researchers, is especially worrisome since it allows hackers to manipulate the OAuth 2.0 security protocol, which is commonly used to permit single sign-on access to Google-connected accounts (see Experts’ View: Avoid Social Networks’ Single Sign-On).

Info-Stealing Malware Now Includes Google Session Hijacking

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Info-Stealing Malware Now Includes Google Session Hijacking

29-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address