PRISMA’s epic chase – Unlocking Google’s MultiLogin puzzle.

December 30, 2023
1 min read

CloudSEK, a cyber security firm, has discovered a method that allows hackers to stay logged into Google accounts even after the password has been changed. The hackers exploit a hidden door in Google’s system called “MultiLogin” to create a malware called Lumma Infostealer, which regenerates secret codes, or cookies, that Google uses to verify user identity. This poses a serious threat as the hackers can continue to access the account even after the password has been changed. CloudSEK has reached out to Google for a response, but there has been no word from the tech giant yet.

The Hack

Hackers, led by someone calling themselves PRISMA, have discovered a way to stay logged into Google accounts even after the password has been changed. They exploit a hidden door in Google’s system called “MultiLogin” to create a malware called Lumma Infostealer. This malware is able to regenerate secret codes, known as cookies, that Google uses to verify user identity.

The Threat

CloudSEK, a cyber security firm, has identified this hacking method as a serious threat. The hackers are able to set up camp in the user’s Google account, even if the password is changed. They continue to have access to the account by using the regenerated cookies. It’s like changing the locks on a front door, but the hackers still have a secret master key.

Lack of Response from Google

CloudSEK researchers have reached out to Google to inform them of this vulnerability, but there has been no response from the tech giant so far. It is unclear how Google plans to address this security issue.

In conclusion, hackers have discovered a method to stay logged into Google accounts even after the password has been changed. This poses a serious threat as the hackers can continue to access the account and potentially steal sensitive information. CloudSEK has reached out to Google for a response, but there has been no word from the tech giant yet. Users should be cautious and consider additional security measures to protect their Google accounts.

Latest from Blog

Trust is the secret sauce for cybersecurity success

TLDR: Key Points: Trust between CISOs and top executives is crucial for justifying cybersecurity investments. Five key questions CISOs must ask themselves about their cybersecurity strategy include budget justification, risk reporting, celebrating

Expert opinion on cyber security is a must have

TLDR: Key points from the article: Study shows link between lack of sleep and increased risk of Alzheimer’s disease. Researchers found that poor sleep quality was associated with higher levels of brain