"Securing Google Accounts: Expert Tips to Thwart Password-Less Hack Attacks"
Originally Published 2 years ago — by BleepingComputer

Google has acknowledged that malware is abusing an undocumented Chrome API to generate new authentication cookies, but considers it a standard token theft issue rather than an API flaw. Malware operations including Lumma, Rhadamanthys, Stealc, Medusa, RisePro, and Whitesnake use the API to refresh expired Google authentication tokens, allowing prolonged unauthorized access to user accounts. Google advises affected users to log out of Chrome or kill active sessions, which invalidates the refresh token, and to change their Google password. Despite the potential for ongoing abuse, Google has not indicated plans to restrict API access, and users often remain unaware of infections until their accounts are misused. Cybersecurity firm CloudSEK and BleepingComputer have highlighted the issue, but Google's response has been to recommend general security practices without addressing the specific API abuse.