Google workspace

Greetings, fellow cyber navigators! Today we bring you the latest news about a technique that can undermine the normally reputable defences of our beloved Google accounts as we begin our journey into the year 2024.

The hack we are going to talk about today lets an adversary take advantage of (or, in technical terms, "exploit") Google accounts through their session cookies and the OAuth 2.0 protocol. OAuth 2.0 is the authorisation mechanism Google accounts rely on to keep a session valid, and the technique abuses it to regenerate cookies for the victim's Google account.

This method of attack allows the adversary to keep access to the victim's Google account services even after the account password has been changed or reset, which is typically the first thing a victim does after noticing unusual behaviour on his/her Google account.

OAuth 2.0 (Open Authorization 2.0) is a protocol, or standard, designed to let an application access specific resources on a user's behalf. It handles authorisation only, not authentication, and it relies on an access token to grant that access securely.
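The point of the two paragraphs above is that a stolen session cookie or token stays valid after the victim resets the password. The following example, added here and not part of the original post or of any Google code, shows the defensive design that prevents exactly that: every session cookie is bound to the account's current "credential generation" (the timestamp of the last password change), so rotating the password implicitly revokes all sessions issued before it. The signing key, account store and timestamps are constructed for the demo; `verify_signature_only` mirrors the weak behaviour described in the post, while `verify_session` is the hardened check.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo signing key; a real service would load this from a KMS or secret store.
SIGNING_KEY = b"constructed-demo-signing-key"
SESSION_TTL = 30 * 24 * 3600  # 30-day lifetime, typical for a long-lived login cookie

# Constructed server-side account store. Each account records when its credential
# last changed; that timestamp is the "credential generation" sessions are bound to.
ACCOUNTS = {"alice": {"password_changed_at": 1_704_067_200}}  # 2024-01-01T00:00:00Z


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session(user: str, now: int) -> str:
    """Mint a signed session cookie bound to the account's current credential generation."""
    payload = {"sub": user, "iat": now, "cred_gen": ACCOUNTS[user]["password_changed_at"]}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def _parse(token: str) -> Optional[dict]:
    """Return the payload if the HMAC signature verifies, otherwise None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except ValueError:  # malformed base64, bad JSON, or wrong number of segments
        return None


def verify_signature_only(token: str, now: int) -> bool:
    """Weak check: signature and expiry only. A stolen cookie survives a password reset."""
    p = _parse(token)
    return p is not None and now < p["iat"] + SESSION_TTL


def verify_session(token: str, now: int) -> bool:
    """Hardened check: the cookie's credential generation must match the account's current one."""
    p = _parse(token)
    if p is None or now >= p["iat"] + SESSION_TTL:
        return False
    account = ACCOUNTS.get(p["sub"])
    return account is not None and p["cred_gen"] == account["password_changed_at"]


def change_password(user: str, now: int) -> None:
    """Rotating the credential bumps the generation, revoking every earlier session."""
    ACCOUNTS[user]["password_changed_at"] = now


def demo() -> Tuple[bool, bool]:
    """Issue a cookie, reset the password, then replay the old cookie against both validators."""
    ACCOUNTS["alice"] = {"password_changed_at": 1_704_067_200}  # reset demo state
    t_issue = 1_704_153_600   # 2024-01-02: victim logs in and the cookie is later stolen
    t_reset = t_issue + 3600  # victim notices odd activity and resets the password
    t_check = t_reset + 3600  # stolen cookie is replayed afterwards
    cookie = issue_session("alice", t_issue)
    change_password("alice", t_reset)
    return verify_signature_only(cookie, t_check), verify_session(cookie, t_check)


if __name__ == "__main__":
    weak, hardened = demo()
    print(f"weak validator still accepts the old cookie after reset: {weak}")
    print(f"hardened validator accepts the old cookie after reset: {hardened}")
```

The same idea applies to OAuth refresh tokens: if the token store records the credential generation at issuance and the token endpoint rejects anything older than the account's current generation, a password reset invalidates every refresh token an info-stealer may have exfiltrated. Logging rejected-generation attempts is also a useful detection signal, since a legitimate client rarely presents a pre-reset cookie.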

PRISMA, a well-known hacker (or threat agent), has figured out a way to gain unrestricted access to Google accounts by exploiting Google cookies. Cookies, in simple terms, are a secret code that keeps a particular user signed in to his/her account until the session ends.

PRISMA was also able to use OAuth 2.0 to maintain access to the Google account, and to exploit Google's multi-login feature with the help of malware called "Lumma info stealer" to stay connected to the victim's other Google account services. The way PRISMA manipulates Google services such as GAIA (Google account and ID administration) tokens, and uses encryption within the malware to cover their tracks, shows that this is not something to be taken lightly.

This was first discovered by a security firm called CloudSEK, and researchers are currently concerned that other adversaries could use the same strategy to cause prolonged harm to a victim's Google account, since it allows persistent access for a long duration.

CloudSEK reported this situation to Google on social media, and a response is yet to come.

#BorderlessCS #CybersecurityAlert #2024 #Google #GoogleAccounts #GooglePasswordReset #AccountProtectionIssues #OAuth2
