New Deceptive Technique Targets Chrome Users, Even Google Employees, to Steal Google Account Passwords
Over the past week, there have been flares and disruptions amidst Google’s impenetrable fortress. Regarded as a search engine conglomerate and market leader in software, and social media, Google recently faced issues with user security, where hackers have figured out a way to secure the passwords and personal information of users, specifically those using the Google Chrome search engine.
From a broad standpoint the hacking technique uses a sort of malware to lock users’ screens, and from there, extract their personal information. This will be expanded on, followed by an insight into Google as a search engine market leader, and recommendations and precautions for all of us, who should be worried about becoming victims to this emergent threat.
How is the Information Secured?
Advertisement
As many tech experts, and leaders in the field have been trying to diagnose, how is it that Google of all digital mediums and platforms has managed to fall victim to breaching of highly protected and secured user-data? Forbes highlights that one simple thing is utilised to have users succumb to sharing their personal information: ‘sheer frustration’.
Forbes breaks it down excellently, and notes that a ‘credential-stealing campaign’ uses malware called ‘StealC’ to lock users’ screens. They are forced into full screen mode, and are stuck, prevented from using their F11 or Esc keys to exit full screen. Whilst nothing works, and no options may be selected or buttons pressed, the only thing that pops up is a login window, for none other than the user’s Google account.
From this, StealC is able to access important and valuable information from your Gmail inbox, important high-security details, and even other passwords, codes and banking details. Only once all details such as the username and password are provided, does the screen unfreeze, and allow the user to continue with their tasks and daily agendas, unbeknownst that their details have now been copied to the metaphorical clipboard.
Advertisement
It is interesting to note that StealC does not actually derive the information, rather it has the user willingly enter their details; a prompt that appears seemingly benevolent. That is their trick to continually succeeding, and lying under the radar for this long. It is also the most logical explanation as to how they have managed to secure Google data, considering the high-tech security and firewalls protecting Google’s digital system.
This also differs entirely from phishing scams which use links, advertisements with emotive and persuasive language to trigger user behaviour. Instead, they are driven to act from pure desperation and helplessness.
Why Target Google?
Advertisement
Why not Yahoo? Bing? Amazon? Firefox? A rhetorical question, considering the weight and impact Google carries in all spheres and realms possible. It stands as, ‘without a doubt, one of the best internet companies we know; it is the most widely used and highly praised’. Furthermore, a significant 98% of the world’s internet users revert to Google as a default platform.
Google, specifically Google Chrome is therefore targeted due to its exponential usership, impact and reach across the globe. By transcending borders, hackers are able to utilise StealC, and access private, yet valuable information from anyone in the world, and from anywhere possible.
Advertisement
Google also possesses the platform and software upon which many individuals and businesses can operate their communications and operations from. Similar to Microsoft, companies rent a licence from Google, to possess their own email domains, access to Google endorsed software such as Google Docs, Sheets, Jam board and Drive, and conduct Video Teleconferencing meetings via Google Meet.
Like moths to a flame, hackers can only seize this opportunity, due to the possible volumes of company-classified or personalised accounts Google holds potential for.
What are the Long-Standing Consequences for Users?
Advertisement
Simply put, an inevitable consequence of sharing passwords is the hacker’s direct access to personal information and data located within that relative account. Furthermore, there is the provision of, ‘Google Workspace [which] will then give them that kind of access to then login and impersonate that user’. The risks go beyond the personal, and straight into the professional.
Some other downfalls that can result from this include a breach in financial information and internet banking, a degradation of professional reputations, possible legal implications and infringements, and an overall loss of control over private information and secured data.
How do We Protect Ourselves Against This?
Companies that use Google software and Workspace can ensure that multi-factor authentication processes are in place, ensuring that users provide additional information such as security questions to ensure a secure login, that is coming from the true user.
Install anti-malware and virus software onto your hardware. Although malicious and seemingly able to bypass these technologies, such software can possibly alert you to suspicious activity, and track when login prompts are not sent directly from Google themselves.
Use a two-factor authentication for private, personal accounts too.
Avoid a Google login, unless prompted by Google willingly, or within the internet browsing window, with the ability to go in and out of the application.
Be wary about the links you click or the data downloaded. It can be very easy to click on something suspicious, thereby triggering and allowing virus-related software to filter into and through your device from your browsing window.
Advertisement
It can be easy for us to take these precautions, especially because we are so conditioned, every day, to not click on suspicious links or adverts promoting free rewards and prizes. It is now that hyper-vigilance is advised, especially when surfing the web, conducting research, or completing our daily emails. A firm shut down and reboot can always do the trick when you’re locked out of your computer’s functions, too!
