Have you noticed that there are some websites that log you in automatically when you visit it? These sites rely on what are known as session cookies. These cookies contain authentication information to save you time from having to log in everytime you visit the website.
These cookies have a limited lifespan so they cannot be used indefinitely or abused, but now it seems that there are a couple of malware out there that can abuse these cookies and used to hijack your Google account. This can even happen when you log out of your account, or if your session has expired, or if you have reset your passwords.
According to a detailed report from CloudSEK and Hudson Rock, this malware needs to be installed on your desktop which will then extract and decrypt your login tokens that are stored within Chrome’s local database. The malware will then send a request to a Google API which will then be able to regenerate expired Google Service cookies to maintain “persistent access” on your account.
At this point it is unclear if using 2FA will help mitigate this attack since 2FA relies on OTPs sent to another device like your phone. In the meantime, until this exploit has been patched, it’s probably a good idea to avoid downloading files from unknown sources or attachments from emails from unknown and unverified senders just to be safe.
