Malware dev says they can revive expired Google auth cookies

November 22, 2023 at 05:00PM

The Lumma information-stealer malware, also known as LummaC2, is advertising a new feature that it claims can restore expired Google session cookies, which would let its customers take over Google accounts even after the original session has lapsed. The feature is limited to subscribers of the highest-tier plan, at $1,000/month. Neither security researchers nor Google have verified the claim, although a competing info-stealer, Rhadamanthys, advertises a similar capability. Users are advised to take the usual precautions against malware infection and to protect their accounts.

Key Takeaways:
– The Lumma information-stealer malware, also known as LummaC2, is promoting a new feature that claims to restore expired Google cookies.
– Session cookies, which keep a browser logged in to a website’s services without re-entering credentials, are deliberately given a limited lifetime so that a stolen copy stops working once it expires.
– Reviving such cookies would give an attacker access to a Google account even after the legitimate owner has logged out or the session has expired.
– According to Lumma’s own announcement, an update released on November 14 restores “dead” cookies using a key taken from restore files; no technical detail of the mechanism was given.
– The new feature is only available to subscribers of Lumma’s highest-tier “Corporate” plan, costing $1,000/month.
– Rhadamanthys Stealer, another info-stealer, has also claimed to offer a similar cookie restoration capability.
– The authenticity and functionality of these features have not been verified by security researchers or Google.
– BleepingComputer has reached out to Google for comment but has not received a response yet.
– Lumma’s developers released an update to bypass newly introduced restrictions imposed by Google on cookie restoration.
– Lumma’s support agent declined to provide details about the feature when asked by BleepingComputer.
– According to Lumma’s agent, Rhadamanthys copied the feature from their stealer.
– If the cookie restoration feature works as promoted, users will have no immediate way to protect their accounts until Google addresses the vulnerability.
– Precautions include avoiding downloads from dubious websites and being wary of promoted (sponsored) results in Google Search, a common channel for distributing info-stealers.
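
The point behind the takeaways on cookie lifetime is that a cookie’s Max-Age or Expires attribute is only an instruction to the browser; whether a replayed session token is still honoured is decided entirely by the server. The Python example below is an added illustration of that distinction. It is not code from the article, from Lumma or Rhadamanthys, or from Google, and it makes no claim about how Google’s session handling actually works. It builds a toy server-side session table, replays a cookie past its browser-side Max-Age with the attribute rewritten, and compares a validator that relies on the browser to drop expired cookies with one that enforces expiry and logout itself. The cookie name SID, the one-hour TTL, the user name and the fixed clock are all assumptions made for the example.

```python
"""Added example (not from the article, the malware authors, or Google): why a
cookie's client-side expiry is not a security boundary. The browser's Max-Age
only decides whether the browser keeps sending the cookie; a server that tracks
session lifetime and logout itself rejects a replayed token, a server that relies
on the browser forgetting the cookie does not. Names and TTL are assumptions."""
import secrets
from typing import Dict, Optional, Tuple


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Parse a Set-Cookie header into {'name', 'value', <attribute>: value|True}.
    Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie: Dict[str, object] = {"name": name, "value": value}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip() if val else True
    return cookie


class SessionStore:
    """Server-side session table: token -> (user, expires_at).
    The server's own clock and this table, not the cookie attributes, decide validity."""

    def __init__(self, ttl_seconds: int = 3600):  # 1 hour TTL is an assumption
        self.ttl = ttl_seconds
        self._sessions: Dict[str, Tuple[str, float]] = {}

    def issue(self, user: str, now: float) -> Tuple[str, str]:
        """Create a session; return (token, Set-Cookie header the server would send)."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + self.ttl)
        header = f"SID={token}; Max-Age={self.ttl}; Secure; HttpOnly; SameSite=Lax; Path=/"
        return token, header

    def logout(self, token: str) -> None:
        """Revoke server-side: after this the token is dead whatever any client still holds."""
        self._sessions.pop(token, None)

    def lookup_lax(self, token: str, now: float) -> Optional[str]:
        """WEAK: trusts the browser to drop expired cookies and never consults expires_at."""
        rec = self._sessions.get(token)
        return rec[0] if rec else None

    def lookup_strict(self, token: str, now: float) -> Optional[str]:
        """Enforces the server-recorded expiry; an expired record is purged on sight."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        user, expires_at = rec
        if now >= expires_at:
            self._sessions.pop(token, None)
            return None
        return user


def replay_cookie(stored_header: str) -> str:
    """Generic client-side replay of a copied cookie: present the same name=value pair
    again with a fresh Max-Age. This only changes what a browser would do with the
    cookie; it cannot change anything the server has recorded about the session."""
    c = parse_set_cookie(stored_header)
    return f"{c['name']}={c['value']}; Max-Age=31536000; Path=/"


def demo() -> Dict[str, bool]:
    """Run both validators against a replayed cookie; returns the outcomes by name."""
    t0 = 1_700_000_000.0  # constructed fixed clock
    store = SessionStore(ttl_seconds=3600)
    token, header = store.issue("alice", t0)  # user name is an assumption
    later = t0 + 2 * 3600  # two hours on: the browser dropped the cookie an hour ago
    replayed = str(parse_set_cookie(replay_cookie(header))["value"])
    results = {
        "same_token": replayed == token,
        # lax is evaluated first on purpose: strict purges the record when it rejects it
        "lax_accepts_after_expiry": store.lookup_lax(replayed, later) == "alice",
        "strict_accepts_after_expiry": store.lookup_strict(replayed, later) == "alice",
    }
    token2, _ = store.issue("alice", t0)
    store.logout(token2)  # owner signs out; a server-side table makes that final
    results["lax_accepts_after_logout"] = store.lookup_lax(token2, t0 + 1) == "alice"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The lax validator is the failure mode the takeaways describe: if the server treats the browser’s Max-Age as the only clock, a copied cookie keeps working for as long as the server keeps the record, and rewriting the cookie attributes on the client is all a replay needs. The strict validator is the check a practitioner wants to confirm on any service they run: expiry and logout enforced in the server’s own table, so nothing the client does to a stored cookie can bring the session back.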