In response to news of a password-change-resistant attack being used by information-stealing hackers, Google has advised users of Gmail to switch the app off and on again.
In an adversarial intelligence analysis published on December 29, CloudSEK researcher Pavan Karthick M described how Google accounts may be compromised by taking advantage of an undocumented authentication endpoint that is used for cross-service synchronization.
Attackers were found to be using this endpoint to abuse session cookies, which log users into Google accounts without requiring credentials. That, in turn, may give them access to the Gmail inbox, the security Holy Grail.
According to a Google representative, the company is “aware of recent reports of a malware family stealing session tokens” and admits that attacks “involving malware that steal cookies and tokens are not new.”
In this case, Google claims it has “taken action to secure any compromised accounts detected” and that it regularly updates its defenses against such tactics.
The IT Crowd’s “have you tried turning it off and on again” cliché comes into play with reports claiming that stolen tokens and cookies are hard to revoke, a claim that Google disputes.
Google stated that stolen sessions can be invalidated “by simply signing out of the affected browser, or remotely revoked via the user’s devices page.” Google also advises turning on Enhanced Safe Browsing in Chrome to guard against malware downloads and phishing scams.
Changing your password invalidates the existing tokens that infostealers rely on, which prevents unauthorized access and provides a vital barrier against an ongoing breach.