Info-Stealing Malware Now Includes Google Session Hijacking


Researchers warn that even if a user resets their password, info stealers can now manipulate authentication tokens to give the malware’s users ongoing access to a victim’s Google account. Cybersecurity company CloudSEK revealed on Friday that Lumma Stealer, an information-stealing malware sold as a service, has had this feature since November.

The weakness, according to the firm’s researchers, is especially worrisome since it allows hackers to manipulate the OAuth 2.0 security protocol, which is commonly used to permit single sign-on access to Google-connected accounts (see Experts’ View: Avoid Social Networks’ Single Sign-On).
