UPDATED Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed.
A zero-day exploit of Google account security was first teased by a cybercriminal known as "PRISMA" in October 2023, boasting that the technique could be used to log back into a victim's account even after the password is changed. It can also be used to generate new session tokens to regain access to victims' emails, cloud storage, and more as necessary.
Since then, developers of info-stealer malware – primarily targeting Windows, it seems – have steadily implemented the exploit in their code. The total number of known malware families that abuse the vulnerability stands at six, including Lumma and Rhadamanthys, while Eternity Stealer is also working on an update to release in the near future.
They're called info stealers because once they're running on some poor sap's computer, they go to work finding sensitive information – such as remote desktop credentials, website cookies, and cryptowallets - on the local host and leaking them to remote servers run by miscreants.