Technology
Beware of this sneaky Google attack that steals your expired cookies
‘CyberGuy’: Big Brother in the Big Apple
NYC drivers face a $15 daily congestion fee for entering the toll congestion zone south of 60th Street, monitored by license plate readers. Kurt “CyberGuy” Knutsson gives the details.
A new exploit threat lets hackers access your Google account using expired cookies that contain your login information. The exploits, which were discovered late last year, target session cookies, which only have a limited lifespan. However, they can “revive” those cookies, putting your personal information at risk.
A hacker named PRISMA first revealed they found a way to bring back expired Google session cookies. Since then, cybersecurity firm CloudSEK discovered an exploit in a program that allows users to synchronize their Google accounts across multiple devices. Now, hackers are using that exploit to steal your login and other information. Here’s a breakdown of how it all unfolded and how you can protect yourself.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Google Chrome start-up page (Kurt “CyberGuy” Knutsson)
Exploiting Google’s MultiLogin
As reported by BleepingComputer, certain malware strains have discovered a backdoor into Google’s authentication system. The vulnerability lies in the MultiLogin endpoint, which remains undocumented and largely unknown to the public. This clandestine gateway enables threat actors to revive expired authentication cookies, granting unauthorized access to users’ Google accounts.
Google Chrome start-up page (Kurt “CyberGuy” Knutsson)
MORE: BEWARE OF THIS MCAFEE GOOGLE CHROME AD SCAM
The role of session cookies
Before we dive deeper, let’s understand the role of session cookies. These specialized browser cookies contain authentication information. If you’ve ever experienced the convenience of returning to a site without re-entering your credentials, you’ve encountered session cookies. However, their design intentionally limits their lifespan to prevent prolonged unauthorized access.
MORE: HOW GOOGLE’S DATA CAN MAKE YOU A SUSPECT IN A CRIME YOU DIDN’T COMMIT
The Lumma and Rhadamanthys connection
In November of last year, cybercriminals associated with the Lumma and Rhadamanthys info-stealing malware strains made a bold claim: they could resurrect expired Google Authentication cookies stolen during cyberattacks. Armed with these seemingly defunct cookies, a hacker gains entry to a victim’s Google account, even if the user has logged out, reset their password, or their session has expired.
PRISMA’s revelation
The exploit’s origins trace back to a Telegram post by a threat actor known as PRISMA. In October, they unveiled their discovery: a method to restore Google authentication cookies that had reached their expiration date. This revelation set the stage for further investigation.
CloudSEK’s investigation
Enter CloudSEK, a cybersecurity firm committed to predicting and preventing cyberattacks. Their researchers took on the challenge, reverse engineering the exploit. Their findings revealed that the MultiLogin endpoint served as the linchpin for the hackers. This undocumented feature facilitates account synchronization across various Google services, making it an ideal target for malicious actors’ nefarious activities.
Google Chrome start-up page (Kurt “CyberGuy” Knutsson)
MORE: GOOGLE FINALLY ADMITS DATA COLLECTION IN CHROME’S INCOGNITO MODE
Protecting against MultiLogin exploit
The exploitation of MultiLogin raises serious concerns for those of you who are Google account holders. To safeguard against this threat, consider the following steps:
1) Sign out of the affected browser: Google is aware of this issue and has taken action to secure compromised accounts. Google’s recommendation is to simply sign out of the affected browser to revoke session cookies.
2) Enhanced Safe Browsing: Enable Enhanced Safe Browsing in Chrome for additional protection against malware and phishing attacks.
On your computer:
- Open Google Chrome on your computer
- Click the initial in the top-right corner of the browser window
- Tap Manage your Google Account
- Click Security on the left
- Under Enhanced Safe Browsing for your account – make sure it is turned On
On your smartphone:
- Open Google Chrome on your computer
- Click the initial in the top-right corner of the browser window
- Tap Google Account
- Click Security
- Scroll down and under Enhanced Safe Browsing for your account – make sure it is turned On
3) Regularly change passwords: Regularly change your Google password to keep your account safe from hackers. If you struggle with creating new passwords, consider using a password manager.
4) Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Choose the best option for your PC, Mac, iPhone or Android smartphone. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails and ultimately protect you from being hacked. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Kurt’s key takeaways
In light of the recent exploits targeting Google accounts through resurrected session cookies, it’s imperative to strengthen our defenses against such cyberthreats. From the initial discovery by PRISMA to the subsequent investigations by CloudSEK, the vulnerabilities in Google’s MultiLogin endpoint have now been exposed.
To protect your account, ensure you sign out of affected browsers, enable Enhanced Safe Browsing, regularly update passwords, and have good antivirus software across all your devices. By implementing these security measures, you can thwart attempts to compromise your online privacy and safeguard your digital identities.
How important do you think it is for technology companies like Google to continually update and enhance their security protocols to protect you from evolving cyberthreats? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
The YouTube watch screen has been given a new look on TVs. The redesign aims to provide a “more intuitive experience with easier navigation,” according to YouTube’s announcement, relocating the video title and several controls, and adding a new “Description” button to access creator information and other video features.
I’m already seeing the update on my own Nvidia Shield Pro streaming box and native Phillips TV OS, and I do think it makes it easier to find specific video features and controls. My colleague Thomas Ricker says he isn’t seeing the redesign in Apple TV’s YouTube player, however, so they may still be rolling out. These changes are pretty delayed, considering YouTube announced in April that they would arrive “this summer.”
Videos on the YouTube app for TV will now show the title in the top left corner of the screen instead of just above the video scrubber at the bottom of the page, and the title can no longer be clicked to open comments, metadata, and information about the creator. Instead, those controls are now available by clicking the new “Description” button. The channel thumbnail and subscribe function have also been separated into two buttons, with the creator’s thumbnail now taking users directly to their channel.
Controls have been reorganized into distinct groups under the video scrubber: Channel, Description, and Subscribe on the left, Previous, Pause/Play, and Next in the center, and Like, Dislike, Comment, Save, Closed Captions, and Settings placed into two groups on the right. YouTube says the Subscribe button will remain visible to subscribers, adapting to flag pay-gated content or alert users to new live streams. A “Multiview” control has also been added for live sports content, while Music and Premium subscribers will see a new “Display Mode” control.
NEWYou can now listen to Fox News articles!
Holiday travel and winter storms create risky moments for drivers and families. Stress rises fast during emergencies, and describing the scene to 911 can feel overwhelming.
Now, a new Android feature closes that gap by providing live visual information that helps responders act with speed and accuracy.
If you use an iPhone, Apple offers a similar tool through its Emergency SOS Live Video feature. You can learn how it works right here.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
HOW ANDROID MALWARE LETS THIEVES ACCESS YOUR ATM CASH
Android Emergency Live Video gives 911 a secure live view of the scene, so responders understand what is happening right away. (Cyberguy.com)
What Android Emergency Live Video does
Google is rolling out Android Emergency Live Video to give dispatchers a secure view of the scene during an active call or text. A dispatcher can request a live video stream through your phone when it is safe for you to share it. With a single tap, you can stream real-time video that helps responders understand what is happening.
This can help during car accidents, medical emergencies or fast-moving hazards such as wildfire conditions. Live video can also help dispatchers guide you through steps that save lives, such as CPR, until responders arrive.
APPLE NOW LETS YOU ADD YOUR PASSPORT TO YOUR PHONE’S WALLET
How the Android Emergency Live Video feature works
Android designed this tool to work with no setup. When you call or text 911, the dispatcher reviews the situation. If they decide video would help, they will send a request to your phone. You see a clear prompt that lets you choose whether to start the secure stream. The feature uses encryption and gives you full control. You can stop sharing at any moment.
The feature works on Android phones running Android 8 or newer with Google Play services. It is rolling out across the U.S. and select regions in Germany and Mexico. Google plans to expand coverage with more public safety partners.
How to use Emergency Live Video on Android
You cannot turn this feature on in advance. It appears only during an active 911 call or text.
1) Call or text 911 on your Android phone. The dispatcher reviews your situation.
2) Watch for a request on your screen. If the dispatcher decides live video will help, they send a prompt to your device.
3) Tap the notification that appears. You will see a clear message asking if you want to share live video.
4) Choose Share video to start streaming. This opens your camera and begins a secure live feed.
5) Tap Stop sharing at any time. You stay in control the entire time and can end the video at any time.
With one tap, you can choose to share real-time video during a 911 call or text which gives dispatchers the clarity they need to guide you. (CyberGuy.com)
Why Emergency Live Video on Android matters now
Emergencies create confusion. Sharing details verbally takes time and can lead to miscommunication. Video removes guesswork. Responders gain clarity in seconds, which can speed up help and improve outcomes. This tool builds on Android’s safety features, including Satellite SOS, Fall Detection and Car Crash Detection.
NEW ANDROID ATTACK TRICKS YOU INTO GIVING DANGEROUS PERMISSIONS
Alastair Breeze, a Software Engineer for Android, tells CyberGuy that the team built this feature with one goal in mind. “Providing people peace of mind is at the core of Android’s safety mission. Android Emergency Live Video gives you the ability to securely share real-time video to provide dispatchers the critical eyes-on-scene context they need to assist in emergencies.”
What this means to you
If you carry an Android phone, this feature adds another layer of protection during moments that demand quick action. You stay in control of when the video is shared. You also get a simple way to show the situation when describing it feels impossible. Faster clarity can lead to faster help, which can shape how an emergency ends.
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.
The feature works on Android phones running Android 8 or newer and helps responders act faster during emergencies when seconds matter. (Tony Giberson/tgiberson@pnj.com / USA TODAY)
Kurt’s key takeaways
Android Emergency Live Video brings real-time awareness to moments when every second matters. It gives responders a clear view, so they can guide you through urgent steps if necessary. Most of all, it adds peace of mind during situations no one plans for.
Would you feel comfortable sharing live video during an emergency if it helped responders reach you faster? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
The Game Awards are back once again to showcase a metric ton of commercials, provide the gaming public with their monthly dose of Muppets, and validate gamers’ opinions on which title should be named the Game of the Year. I don’t wanna say it’s a foregone conclusion what this year’s GOTY will be — Silksong may surprise us — but it’s pretty obvious that Clair Obscur: Expedition 33 is the frontrunner and for good reason. It’s netted 12 nominations, the most out of this year’s contenders, including all five craft awards (Direction, Art, Music and Score, Narrative, and Audio Design).
On the announcements side, Crystal Dynamics and Amazon Games are planning something related to the Tomb Raider series. Keighley also probably had plans to reveal big news about Resident Evil: Requiem, but unfortunately it got spoiled early thanks to some leaked key art on the PlayStation Store. Here’s all the news, announcements, and trailers from The Game Awards 2025.
Vote For the Best Metropolitan Diary Entry of 2025
Detroit Lions rule out All-Pro safety, list 7 others as questionable vs. Rams
3-alarm fire burns San Francisco Tenderloin residential building
Dallas County adult probation director out of role amid state audit
The team behind a very popular NYC pizzeria is opening a new spot in Miami
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Behind the Supreme Court’s Push to Expand Presidential Power
Kilmar Abrego Garcia seen for first time since release, pledges to ‘continue to fight’ Trump admin
Israel bombards areas across southern Lebanon in latest truce violation
Trump announces pardon for Tina Peters, increasing pressure to free her though he can’t erase state charges | CNN Politics
Video: Hiker Rescued From Quicksand in Arches National Park
-
Alaska6 days agoHowling Mat-Su winds leave thousands without power
-
Politics1 week agoTrump rips Somali community as federal agents reportedly eye Minnesota enforcement sweep
-
Ohio1 week agoWho do the Ohio State Buckeyes hire as the next offensive coordinator?
-
Texas6 days agoTexas Tech football vs BYU live updates, start time, TV channel for Big 12 title
-
News1 week agoTrump threatens strikes on any country he claims makes drugs for US
-
World1 week agoHonduras election council member accuses colleague of ‘intimidation’
-
Washington3 days agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa5 days agoMatt Campbell reportedly bringing longtime Iowa State staffer to Penn State as 1st hire