Recent reports from Gmail and YouTube users describe a series of account takeovers in which attackers got past Google’s two-factor authentication (2FA) without defeating it. The affected accounts were compromised as part of a scam built around Ripple’s XRP cryptocurrency. Victims have shared their experiences on Google’s official support forums and on Reddit, describing how the attackers changed the accounts’ recovery settings and locked out the legitimate owners.
The breaches point to a well-established technique rather than a flaw in 2FA itself: cookie theft malware. Once a user has signed in and completed 2FA, the browser stores a session cookie, a token it sends with every request so the user is not asked to sign in again. Malware that copies that cookie from the browser’s profile on disk gives the attacker an already-authenticated session. Replaying it from another machine presents Google with a valid signed-in session, so neither the password nor a second factor is ever requested.
The attack begins with phishing emails that lead users to malicious sites where the malware is downloaded. Once installed, it collects the browser’s stored cookies and sends them to the attacker, who then imports them into their own browser and operates as the victim. Because the hijacked session carries the same rights as the victim, the attacker can reach mail, linked YouTube channels and the account’s security settings, which is how recovery options get changed and owners get locked out.
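To make the mechanism concrete, the following is an added example, not code from Google or from the article, of why a stolen session cookie sidesteps 2FA and what a server-side check against replay looks like. It simulates a minimal session store: a naive lookup accepts the token from anyone who holds it, while a context-bound lookup rejects the same token when it arrives from a different client and revokes it so both parties must sign in (and pass 2FA) again. The secret, fingerprint fields, sample user agents and IP addresses are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for this example: a per-deployment secret used to key the
# client fingerprint so a leaked store cannot be forged offline.
SERVER_SECRET = b"constructed-demo-secret-do-not-use"

# In-memory session store: token -> session record (constructed stand-in
# for whatever backing store a real service would use).
SESSIONS = {}


def client_fingerprint(user_agent, ip):
    """Keyed hash of coarse client context.

    The IP is truncated to its first three octets so ordinary address churn
    within one network does not invalidate a legitimate session; a move to a
    different network or browser still changes the value.
    """
    ip_prefix = ".".join(ip.split(".")[:3])
    msg = f"{user_agent}|{ip_prefix}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_session(user, user_agent, ip, ttl=3600):
    """Called only after password + 2FA succeed; returns the cookie value."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {
        "user": user,
        "fp": client_fingerprint(user_agent, ip),
        "expires": time.time() + ttl,
    }
    return token


def naive_lookup(token):
    """Bearer-style check: whoever presents a live token is the user.

    This is the property cookie theft abuses: the stolen token is accepted
    with no password and no second factor.
    """
    s = SESSIONS.get(token)
    if s is None or s["expires"] < time.time():
        return None
    return s["user"]


def bound_lookup(token, user_agent, ip):
    """Context-bound check: token must arrive from the context it was issued to.

    On mismatch the session is revoked outright, so the attacker loses it and
    the real owner is pushed back through a full login including 2FA.
    """
    s = SESSIONS.get(token)
    if s is None or s["expires"] < time.time():
        return None, "missing-or-expired"
    if not hmac.compare_digest(s["fp"], client_fingerprint(user_agent, ip)):
        del SESSIONS[token]
        return None, "context-mismatch"
    return s["user"], "ok"


def demo():
    """Victim signs in; attacker replays the copied cookie from elsewhere."""
    victim_ua = "Mozilla/5.0 (Windows NT 10.0) constructed-ua"
    victim_ip = "198.51.100.23"          # RFC 5737 documentation address
    attacker_ua = "Mozilla/5.0 (X11; Linux x86_64) constructed-ua"
    attacker_ip = "203.0.113.77"         # RFC 5737 documentation address

    token = issue_session("alice@example.com", victim_ua, victim_ip)
    return {
        # naive store: stolen cookie grants access, 2FA never involved
        "naive": naive_lookup(token),
        # bound store: stolen cookie rejected and revoked
        "bound": bound_lookup(token, attacker_ua, attacker_ip),
        # the victim's own browser is now also signed out and must re-auth
        "victim_after": bound_lookup(token, victim_ua, victim_ip),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Fingerprint binding is a heuristic: an attacker who also proxies through the victim’s network and copies the user agent can still match it, which is why the stronger form binds the session to a key the device holds in hardware rather than to observable context. The example also shows a second point practitioners should not miss: a cookie flagged HttpOnly or Secure is no defence here, because the malware reads it from the browser’s profile on disk, not from page script or the wire.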
Forbes reported that the scam often baits users with the promise of free XRP, asking them to send an amount of the cryptocurrency in return for a greater sum. To lend credibility to their scheme, scammers have used deepfake videos of Ripple CEO Brad Garlinghouse.
In response to these incidents, Google has acknowledged that session cookie hijacking is an ongoing problem and says it continues to refine its defences against it. The company also notes that its automated account recovery process lets users regain control using their original recovery factors for up to seven days after the attacker changes them, provided those factors were set up before the incident.
To bolster security, Google encourages users to adopt passkeys and to run Google’s Security Checkup regularly so that every available protection is in place and current. One caveat worth keeping in mind: passkeys harden the sign-in step, but a cookie copied after sign-in is still a valid session, so a user who suspects infection should also sign out of all sessions from the account’s security settings and clean the affected device before trusting it again.