This devious malware will let hackers restore deleted cookies and hijack your Google account

Flaw could post a risk even for companies who watch their security practices

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The latest version of the Lumma infostealermalwarehas a rather interesting feature - it is able to restore expiredGooglecookies, which can then be used to access the victim’s Google account.

The findings come from cybersecurity researchers from Hudson Rock, who have warned it could spell disaster even for organizations that follow best practices in terms of cybersecurity.

The team discovered an ad for the feature posted on a dark web forum which said that the version released on November 14 can “restore dead cookies using a key from restore files.” The ad further stresses that this only applies to Google cookies.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Fixing the bugs (in silence)

Hackers interested in purchasing this version of the infostealer should prepare $1,000, as that’s how much a single month’s subscription costs.

Lumma’s developers further explained that every session cookie can be used no more than two times, meaning that it can only be restored once. That, however, is more than enough to mount a devastating attack against any organization,BleepingComputercomments.

Google has so far been silent on the matter, but it hopefully working in the background to solve the issue.

The company has not commented on the findings, but a few days after being tipped off, Lumma released a new version that bypasses “newly introduced” restrictions set up by Google. So it’s safe to assume that right now, it’s a bit of a back-and-forth between Google and Lumma.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To make matters worse, it seems that Lumma isn’t the only infostealer with cookie-restoring capabilities out there, either. Rhadamanthys recently announced a similar feature, prompting the media to speculate that hackers may have found a security vulnerability. Lumma’s developers would disagree, though, as in a discussion with BleepingComputer they said that Rhadamanthys blatantly copied their design.

At this moment it’s difficult to determine if the feature even works as advertised or not. To be on the safe side, just make sure to only download programs and applications from verified sources.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

How to turn off Meta AI