The implications of this discovery go far beyond personal Gmail accounts. Numerous corporate email addresses linked to a variety of organizations can also be accessed through Google.
In a significant development, the creators of the well-known Infostealer group, Lumma, have reportedly made a groundbreaking discovery. They claim to have devised a method to extract Google cookies from infected computers in a way that these cookies do not expire or become invalid, even if the user changes their password.
This, if true, can cause a paradigm shift in cybercriminal activities, potentially enabling hackers to gain unauthorized access to a broader spectrum of accounts and execute more severe attacks.
It is vital to highlight that the implications of this discovery go far beyond personal Gmail accounts. Numerous corporate email addresses linked to a variety of organizations can also be accessed through Google. These organizations could now be at an increased risk of suffering from ransomware and other cyberattacks.
Unprecedented Cybercriminal Capabilities of Lumma Infostealer
This significant advancement in cybercriminal techniques, as revealed by Alon Gal, Co-Founder & CTO at Hudson Rock, is a testament to the growing sophistication of the creators behind it.
Unlike conventional methods where password changes nullify stolen credentials, this breakthrough grants hackers sustained and unimpeded access, creating an avenue for infiltrating a multitude of accounts and executing substantial attacks.
“In addition to that, Google cookies are not just for email accounts but rather for a wide range of services which will now be much more accessible to hackers,” highlighted Gal in his detailed post.
“If true, exfiltration of cookies that cannot be revoked from Google will mark a significant shift in the cybercrime ecosystem, enabling hackers to infiltrate Google-related services with ease and perform various cyberattacks,” commented Gal when queried about this groundbreaking development.
Beyond the immediate threat to personal Gmail accounts, the gravity of the situation extends to numerous corporate email addresses associated with organizations.
The potential consequences are severe, encompassing an elevated risk of ransomware attacks and other sophisticated cyber intrusions that could target businesses and institutions.
Broader Threat Landscape
It’s imperative to recognize that the scope of this threat isn’t limited to email services alone; it encompasses a broad spectrum of interconnected online platforms reliant on Google cookies. This newfound accessibility intensifies the risk, presenting an unprecedented challenge to the cybersecurity community.
An intriguing question arises: Can the sessions be revoked, rendering the stolen cookies useless? Gal addresses this, explaining, “In cookies stolen by stealers so far, yes, this is the case. However, the group behind Lumma now claims to have exfiltrated some kind of cookies that are irrevocable, a very interesting claim.”
While it remains uncertain if Google is considering the incident response perspective, it appears the incident has yet to reach the tech giant’s attention.
Although it’s unclear whether Google is currently addressing the incident from a response standpoint, it seems that the tech giant has not yet been made aware of this specific situation.
However, this threat’s severity is amplified by the simplicity it offers hackers to execute complex cyberattacks. The danger is even more pronounced considering that these cookies might not be rendered invalid by standard practices like password resets.
