Lumma malware can allegedly restore expired Google auth cookies

November 21, 2023 at 02:35PM

The Lumma information-stealing malware, also known as LummaC2, is advertising a new feature that it claims can restore expired Google session cookies. Because a session cookie represents an already-authenticated session, a working copy lets an attacker into the account without the password or any second factor. The feature is available only to subscribers of the top-tier “Corporate” plan, which costs $1,000/month. Neither security researchers nor Google have verified that the feature works. Another stealer, Rhadamanthys, has advertised a similar cookie restoration capability. Users are advised to take precautions against malware infections to protect their accounts.

Meeting Takeaways:

– The Lumma information-stealer malware, also known as LummaC2, is advertising a new feature that claims to allow cybercriminals to restore expired Google cookies.
– Session cookies are the browser cookies that carry an authenticated session identifier; the browser sends them with every request so the user is not asked to log in again. A site treats anyone presenting a valid copy of the cookie as that logged-in user, which is why information-stealers harvest them.
– Restoring expired Google cookies would enable unauthorized access to Google accounts even after the user has logged out or the session has expired.
– Hudson Rock’s Alon Gal discovered a forum post by Lumma’s developers announcing the ability to restore dead cookies using a key from restore files, specifically for Google cookies.
– This new feature is only accessible to subscribers of Lumma’s highest-tier “Corporate” plan, which costs $1,000/month.
– The forum post states that each key can be used twice, which the developers describe as allowing a single restoration.
– Rhadamanthys Stealer, another information-stealer, also claims to offer Google cookie restoration, suggesting that more than one malware author has found the same weakness.
– BleepingComputer has reached out to Google for comments on the possibility of a vulnerability in session cookies but has not received a response.
– After BleepingComputer made contact, Lumma released an update that it claims works around new restrictions Google introduced to block cookie restoration.
– BleepingComputer attempted to gather more information about the feature directly from Lumma but was denied by a support agent.
– Lumma’s agent claimed that their competitors copied the feature from Lumma’s stealer.
– If information-stealers can indeed restore expired Google cookies, logging out or waiting for a session to expire no longer protects an account; the only reliable defence is to avoid the infection in the first place, and any account that was signed in on an infected machine should be treated as compromised.
– Precautions include avoiding torrent files and executables from dubious sources and being cautious of promoted (sponsored) results on Google Search, a common malvertising vector for stealer downloads.
