Skip to content
Techzine Europe
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Europe
  • Techzine Netherlands
Techzine Blogs Security Exploit provides access to Google accounts: password change doesn’t help
3 min Security

Exploit provides access to Google accounts: password change doesn’t help

Laura HerijgersJanuary 2, 2024 12:22 pmJanuary 2, 2024
Exploit provides access to Google accounts: password change doesn’t help

Several malware families can give hackers access to Google accounts. For this, the malware abuses an OAuth2 functionality provided by Google. It is not possible to lock out the hacker by changing the password of an affected account.

The Google OAuth2 endpoint MultiLogin would be exploitable for breaking into Google accounts. Through the exploit, hackers steal session cookies, which contain login information. This cookie type remembers the login credentials so that users can access their accounts without entering the username and password each time. It can be used for accessing online services that authenticate you through your Google account.

It involves full authentication, in which two-step verification is bypassed because it is automatically generated from a previous session. Because of the sensitivity of the information contained in these types of cookies, the lifetime of session cookies should be short.

However, MultiLogin allows hackers to recover session cookies from Google. Breaking into a Google account is then possible by using an infostealer malware. Moreover, the exploit automatically generates the latest authentication information. This means the problem is not solved with a password change. That’s not the only problem because hackers can additionally maintain access for a long time. It is an option to re-generate the cookies should the hacker’s open session get interrupted.

Malware for sale online

There are several malware families in circulation, and, according to CloudSEK, there is evidence hackers abuse the exploit. This company’s research team discovered MulitLogin and published a blog with their findings. The evidence that cybercriminals already know about the exploit was actually the beginning point of the research. This came to the knowledge of the researchers through a Telegram message from threat actor “PRISMA”.

In the meantime, six info-stealers malware have already been found. Among the families is the Lumma Infostealer. This type of malware is known for stealing the following sensitive information: crypto wallets, browser extensions and codes for two-step verification. Lumma has been traded since 2022.

Convenience over security?

Google itself did not respond to the discovery and the misuse of MultiLogin has not been officially confirmed. The Hudson Rock team, which also investigates the exploit in another research, says Google is taking no action. They speculate that session cookies will also not be disabled for the sake of ease of use. Google recently released another tool for checking for leaks that expose your password. However, the feature will not be able to detect this specific exploit.

Also read: Google Chrome has Safety Check: controls and needs control

To protect your credentials from cookie theft, it is generally recommended not to use built-in services that save passwords. Otherwise, it is always wise to use such services only if a master password protects the data. In addition, it is recommended to change your settings to delete cookies automatically after closing the browser.

Tags:

exploit / Google / Google Account / infostealer / login credentials / Research

"*" indicates required fields

Stay tuned, subscribe!

Nieuwsbrieven*
This field is for validation purposes and should be left unchanged.

Related

Google now provides free access to Gemini 2.5 Pro

Google starts deleting inactive accounts

Google adds account synchronisation to its 2FA authenticator app

Google Workspace now alerts key changes to administrator accounts

Editor picks

SAP CEO calls European plan for own cloud data centers completely crazy

The CEO of SAP, Europe's most valuable company, believes it is pointl...

Cisco throws next punch in battle for world’s smartest switches

New Catalyst C9350 and C9610 expand the battlefield

Snowflake AI has simplicity, efficiency, and trust at its core

Snowflake has been actively expanding its artificial intelligence off...

ChatGPT has been experiencing errors for hours

Users of ChatGPT are experiencing long wait times or are unable to ge...

Insight: RSAC 2025 Conference

Rise of AI transforms CISO’s role: from technical to strategic input

Sam Curry, CISO at Zscaler talks strategy and (future) challenges

The Techzine Perspective: RSAC 2025 is about AI security, integrated solutions, and the quantum threat

AI has a huge impact on cybersecurity

Cisco launches Foundation AI and introduces open-source security AI model

Cisco launches Foundation AI and introduces open-source security AI model

Cisco is launching a new initiative today at the RSAC 2025 Conference...

Cisco wants to use AI to defend AI at machine scale

Cisco wants to use AI to defend AI at machine scale

Cisco made a swath of announcements at RSAC 2025 Conference. Unsurpri...

Read more on Security

Zero-click attack reveals new AI vulnerability

Zero-click attack reveals new AI vulnerability

Echoleak is a new attack vector that exploits AI assistants by subtly manipulating prompts. The attack was ex...

Berry Zwets 3 days ago
DNS analysis reveals links between VexTrio and WordPress hackers

DNS analysis reveals links between VexTrio and WordPress hackers

New findings from Infoblox show that WordPress hackers and Traffic Distribution System operators associated w...

Berry Zwets 3 days ago
How a fake cybersecurity firm became a real threat
Expert Talks

How a fake cybersecurity firm became a real threat

The Job Offer You Can’t Believe (And Probably Shouldn't)

Javvad Malik 3 days ago
Microsoft launches free European Security Program: what does it entail?
Top story

Microsoft launches free European Security Program: what does it entail?

Microsoft President Brad Smith is living up to his political-sounding job title. After a series of appearance...

Erik van Klinken June 5, 2025

Tech calendar

Kaseya DattoCon Europe

June 17, 2025 Dublin

Nutanix Cloud Day Nederland 2025

June 17, 2025 Zeist

Akamai Customer Day Benelux

June 18, 2025 Nieuwegein

Nürnberg Digital Festival 2025

June 30, 2025 Nürnberg

GITEX DIGI_HEALTH 5.0 - Thailand

September 10, 2025 BITEC Bangkok, Thailand

IT Arena

September 26, 2025 Lviv, Ukraine

Whitepapers

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Try the latest high-end Synology backup system for free

Try the latest high-end Synology backup system for free

How do you ensure that your data is secure and can be quickly restore...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2025 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement