This devious malware will let hackers restore deleted cookies and hijack your Google account

News
By published

Flaw could post a risk even for companies who watch their security practices

Keyboard
(Image credit: Shutterstock)

The latest version of the Lumma infostealer malware has a rather interesting feature - it is able to restore expired Google cookies, which can then be used to access the victim’s Google account.

The findings come from cybersecurity researchers from Hudson Rock, who have warned it could spell disaster even for organizations that follow best practices in terms of cybersecurity. 

The team discovered an ad for the feature posted on a dark web forum which said that the version released on November 14 can “restore dead cookies using a key from restore files.” The ad further stresses that this only applies to Google cookies.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Fixing the bugs (in silence)

Hackers interested in purchasing this version of the infostealer should prepare $1,000, as that’s how much a single month’s subscription costs. 

Lumma’s developers further explained that every session cookie can be used no more than two times, meaning that it can only be restored once. That, however, is more than enough to mount a devastating attack against any organization, BleepingComputer comments.

Google has so far been silent on the matter, but it hopefully working in the background to solve the issue. 

The company has not commented on the findings, but a few days after being tipped off, Lumma released a new version that bypasses “newly introduced” restrictions set up by Google. So it’s safe to assume that right now, it’s a bit of a back-and-forth between Google and Lumma. 

To make matters worse, it seems that Lumma isn’t the only infostealer with cookie-restoring capabilities out there, either. Rhadamanthys recently announced a similar feature, prompting the media to speculate that hackers may have found a security vulnerability. Lumma’s developers would disagree, though, as in a discussion with BleepingComputer they said that Rhadamanthys blatantly copied their design.

At this moment it’s difficult to determine if the feature even works as advertised or not. To be on the safe side, just make sure to only download programs and applications from verified sources.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Chrome icon on Android
Google Chrome extensions hack may have started much earlier than expected
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
Latest in Security
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Data leak
Top California sperm bank suffers embarrassing leak
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
ransomware avast
Billions of credentials were stolen from businesses around the world in 2024
Latest in News
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
The Nanoleaf PC Screen Mirror Lightstrip being used on a desktop computer.
Mac gaming could get an intriguing boost – but not in the way you'd expect
Snapdragon G Series
Qualcomm poised to muscle in on AMD's territory with powerful gaming handheld processors
David running in the desert in House of David.
Prime Video’s hit new historical drama will continue its reign for another season as House of David gets renewed
Student sat at a desk with a laptop in a dormitory looking at a mobile phone
Windows 11 could eventually help you understand how fast your PC is - as well as offer tips for making your PC or laptop faster for free
More about security
DeepSeek

Fake DeepSeek installers are infecting your device with dangerous malware
Data leak

Top California sperm bank suffers embarrassing leak
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X

A worrying Apple Password App vulnerability reportedlyleft users exposed for months
See more latest
Most Popular
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
The new KontrolFreek Call of Duty Performance Thumbsticks on a purple background.
Exclusive: the new KontrolFreek Call of Duty Performance Thumbsticks Speed Cola Edition might be the coolest looking yet and come with a limited in-game item
David running in the desert in House of David.
Prime Video’s hit new historical drama will continue its reign for another season as House of David gets renewed
ExpressVPN mobile app and Aircove
ExpressVPN ‘reduces workforce’ for the second time in two years
The Nanoleaf PC Screen Mirror Lightstrip being used on a desktop computer.
Mac gaming could get an intriguing boost – but not in the way you'd expect
Data leak
Top California sperm bank suffers embarrassing leak
Snapdragon G Series
Qualcomm poised to muscle in on AMD's territory with powerful gaming handheld processors
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 20 (game #382)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Thursday, March 20 (game #648)