Abuse of the “GhostToken” vulnerability can confuse even seasoned cybersecurity specialists.
Security researchers have published details of a recently fixed zero-day vulnerability in Google Cloud Platform (GCP). The weakness allowed cyber criminals to conceal malicious applications in the target’s account.
Astrix Security, an Israeli startup, discovered the GhostToken vulnerability, which affects all Google accounts, including Workspace accounts for businesses. The flaw appeared on June 19, 2022. The California corporation rolled out a global patch on April 7, 2023, nine months later.
What GhostToken Is Capable Of
According to the research, the GhostToken weakness lets cyber criminals keep permanent access to the victim’s Google account by turning a previously authorized third-party application into a Trojan, leaving the victim’s private information exposed.
Put simply, the weakness lets an attacker hide their malicious application from the application permission management page of the victim’s Google account, preventing the target from revoking its access.
To achieve this, the attacker deletes the GCP project associated with the authorized OAuth app, which puts the project into a pending-deletion state. The attacker can later make the project visible again to secretly collect the target’s data with the malicious app inside it, and then render the project invisible once more.
It’s Almost Impossible for the Target to Resist
A report from Astrix Security reveals that attackers can manipulate the permissions granted to benign-looking applications downloaded from Google Play to gain unauthorized access to users’ sensitive data and accounts.
Such a breach could lead to the deletion of files from Google Drive, unauthorized email composition via Gmail, tracking of device location, and pilfering of confidential data from any Google service.
This vulnerability arises because malevolent apps can bypass the “Apps with account access” feature of Google that is meant to allow users to see the third-party applications linked to their accounts. As a result, attackers can access and exploit the user’s account and data while remaining undetected.
Google has recently taken a step to address this issue by releasing a patch that shows apps pending deletion on the Third Party Access page. This feature enables users to retract permissions granted to applications that they no longer trust or recognize. The update provides a way for users to remain aware of which apps have access to their data and helps them prevent unauthorized access.
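A defender-side check for the hidden-grant condition described above, added here as an example and not taken from Astrix Security or Google: it reconciles OAuth token events against a snapshot of the apps each user's access page listed, and flags clients that still read data without being listed. The event records, field names, event names and client IDs are constructed for illustration and are not a real log schema.

```python
from datetime import datetime

# Constructed sample events; field and event names are hypothetical.
EVENTS = [
    {"time": "2023-02-01T10:00:00", "user": "bob@example.com", "client_id": "app-sync", "event": "authorize"},
    {"time": "2023-02-03T11:30:00", "user": "bob@example.com", "client_id": "app-sync", "event": "data_access"},
    {"time": "2023-02-05T09:15:00", "user": "bob@example.com", "client_id": "app-sync", "event": "revoke"},
    {"time": "2023-02-10T08:00:00", "user": "alice@example.com", "client_id": "app-pdf", "event": "authorize"},
    {"time": "2023-03-01T09:00:00", "user": "alice@example.com", "client_id": "app-notes", "event": "authorize"},
    {"time": "2023-03-02T09:05:00", "user": "alice@example.com", "client_id": "app-notes", "event": "data_access"},
    {"time": "2023-03-05T03:10:00", "user": "alice@example.com", "client_id": "app-pdf", "event": "data_access"},
    {"time": "2023-03-11T23:40:00", "user": "bob@example.com", "client_id": "app-old", "event": "data_access"},
    {"time": "2023-03-20T02:14:00", "user": "alice@example.com", "client_id": "app-pdf", "event": "data_access"},
]

# Constructed snapshot of the apps each user's access page listed.
VISIBLE = {
    "alice@example.com": {"app-notes"},
    "bob@example.com": {"app-calendar"},
}

def find_hidden_grants(events, visible):
    """Return (user, client_id, authorized_at, last_access) for every client
    that accessed data after its last revoke but is absent from the user's
    listing. authorized_at is None when the grant predates the log window."""
    authorized_at, last_access = {}, {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        key = (ev["user"], ev["client_id"])
        if ev["event"] == "authorize":
            authorized_at.setdefault(key, ev["time"])
        elif ev["event"] == "revoke":
            # A revoke ends the grant; forget earlier activity for this pair.
            authorized_at.pop(key, None)
            last_access.pop(key, None)
        elif ev["event"] == "data_access":
            last_access[key] = ev["time"]
    hits = [
        (user, client, authorized_at.get((user, client)), seen)
        for (user, client), seen in last_access.items()
        if client not in visible.get(user, set())
    ]
    return sorted(hits, key=lambda r: r[:2])

if __name__ == "__main__":
    for hit in find_hidden_grants(EVENTS, VISIBLE):
        print("unlisted client with live access:", hit)
```

A grant that is unlisted but still active is the state a user could not revoke before the patch, so each hit needs an administrator-side revocation and a review of what the client accessed.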