The Google 0-day all Infostealer groups are exploiting.

TL;DR — Google cookies that don’t expire and work even when the account’s password is changed, huge advantage for cybercriminals, nothing done by Google.

A month ago Hudson Rock reported that Lumma Infostealer group are going to implement a new feature which will allow them to revive expired Google cookies (https://www.infostealers.com/article/lumma-malware-can-allegedly-restore-expired-google-auth-cookies/)

We warned that this will cause a shift in cybercrime, and that hackers will be able to infiltrate accounts with ease.

Today, even despite attempts to alert Google over a month ago that there is an ongoing 0-day being exploited by Infostealer groups, the exploit is only becoming more widely used, with over 5 Infostealer groups taking advantage of the exploit.

In addition, Hudson Rock spoke to a developer who claims they came up with this 0-day back in October and was selling it independently. They sent us a video of the exploit which you can watch here — https://www.youtube.com/watch?v=NzAtZzzFoOs

We expect to see this feature implemented by all Infostealer groups until some action is taken by Google.

Why aren’t Google doing anything about it? We speculate that the reason is that the trade off with blocking the cookie reviving mechanism is not worth it because it serves some kind of user ease of use.

We’ll follow up on developments, don’t forget to sign up with your email to receive our updates!

Don’t Stop Here

More To Explore

Infostealers Webinar – Hudson Rock

Learn about Infostealers with actual real life breaches caused by Infostealer infections with Leonid Rozenberg, Hudson Rock’s Head of Partnerships & Integrations. To discover how

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise

favicon__1_ removebg-png

BE THE FIRST TO KNOW

Stay informed with the latest insights in our Infostealers weekly report.

Receive immediate notification if your email is involved in an infostealer infection.

No Spam, We Promise