Hackers Can Now Get Into Your Google Account Without Your Password

Hackers Can Now Get Into Your Google Account

Hackers Can Now Get Into Your Google Account Without Your Password

A new study revealed that cybercriminals have developed a method to infiltrate Google accounts of users without obtaining their credentials.

CloudSEK’s “Compromising Google accounts: Malware Exploit Undocumented OAuth2 Functionality for Session Hostovering” report details how hackers are exploiting undocumented OAuth2 functionality through third-party cookies to gain unauthorized access to user’s private information, despite the fact that Google employs two-factor authentication.

Pavan Karthick M, a researcher in threat intelligence for CloudSEK, states in his report that the new threat “underscores the stealth and complexity of contemporary cyber attacks.”

“This vulnerability allows ongoing utilization of Google services, even subsequent to a user resetting their password. “This underscores the importance of ongoing surveillance of human intelligence sources and technical vulnerabilities in order to proactively address emerging cyber threats,” CloudSEK stated in a blog post dated December 29, 2023.

The threat was initially unveiled in a Telegram message from a criminal last year, wherein he discussed the perilous variant of malware, according to The Independent. The hacker reportedly described how they are able to gain access to visitors’ information via the cookies that websites employ.

In the interim, Google Chrome is implementing stricter regulations regarding third-party cookies. “We upgrade our defenses against such techniques on a regular basis in order to protect users who have fallen victim to malware.” Google has implemented security measures to protect any compromised accounts that have been identified.

As cited by The Independent, Google advised users to “constantly take measures to remove malware from their devices, and we recommend activating Enhanced Safe Browsing in Chrome to safeguard against phishing and malware downloads.”

Ethical Hacking Course

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM.  Naager entered the field of content in an unusual way.  He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts.  He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field.  In the bottom line, he frequently writes for Craw Security.


According To Cybersecurity Experts, A Harmless Instagram Trend Could Potentiay llLead To A Data Hack.

For months, Russian Hackers had Secret Access to the Ukrainian Telecom Empire

Disclosed Secrets are Widespread. Know Methods To Handle Them

How Scammers Fool You in Like, Comment, and Review Scam? A Step-by-Step Process!


About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Can we help you?