(Web Desk) - The threat was reportedly first revealed when a hacker posted about the dangerous form of Malware last year in a post on Telegram.
A recent report found that cybercriminals have discovered a way to access people's Google accounts without hacking into their passwords.
According to a report titled ‘Compromising Google accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking’ by the security firm CloudSEK, hackers are using third-party cookies to gain unauthorised access to people’s private data - even after Google's two-factor authentication for users.
The report written by CloudSEK threat intelligence researcher Pavan Karthick M, says the new threat “underscores the complexity and stealth of modern cyber attack.”
“This exploit enables continuous access to Google services, even after a user’s password is reset.
It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats," CloudSEK wrote in a blog post published on December 29, 2023.
The threat was first revealed when a hacker posted about the dangerous form of Malware last year in a post on Telegram, reported The Independent.
Reportedly, the hacker mentioned the way they can access people's data through cookies used by websites.
Meanwhile, the Google Chrome web browser is currently cracking down on third-party cookies.
“We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.
Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads,” Google said as quoted by The Independent.