Gmail Users at Risk: Hackers Find Hidden Path to Corporate Email

Experts from the cybersecurity company Kaspersky Lab have identified a new attack method that poses a serious threat to Gmail users, especially corporate clients. With this method, criminals gain completely imperceptible access to the user's private correspondence, calendar, and other data in Google services, Ixbt.com reports.

According to experts, this attack vector, named STRD (Shadow Token via Remote Debug), is based on vulnerabilities in the OAuth authorization mechanism. Hackers use a specially developed tool called Umbrij to seize the "token" (digital key) required to enter the system. This process does not require the user to enter any login or password, making the attack extremely difficult to detect.

Attack Mechanism and Chromium Browsers

While the primary target of the attack is the Windows operating system, specialists warn that other platforms may also be at risk. The main condition is that the user must not have logged out of their account in browsers running on the Chromium engine (for example, Google Chrome or Microsoft Edge). While an active session is maintained in the browser, hackers establish a connection remotely via the debug port.

In this case, hackers launch a new instance of the browser and begin sending requests to the Gmail service on behalf of the user. As a result, the system accepts this as the action of a legitimate user. According to ixbt.com, this method allows not only reading emails but also downloading confidential data and monitoring corporate plans.

Security Measures and Recommendations

Considering that many companies and government organizations in Uzbekistan also extensively use the Google ecosystem in their work, this threat is relevant for local IT specialists as well. To ensure security in corporate networks, a number of preventive measures are recommended.

Experts advise following these security measures:

  • Regularly audit third-party applications that have access to Google accounts;
  • Monitor for abnormal activity in the system, specifically the launch of the browser with the debug port enabled;
  • Use the Log out button to fully exit the system at the end of the workday or when using shared computers.
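
As an added illustration of the second recommendation (not code from Kaspersky or the original report), the sketch below scans process-creation records for Chromium browsers started with the `--remote-debugging-port` switch. The record field names, the list of browser binaries and the sample events are assumptions constructed for the example.

```python
import re

# Chromium-based browser executables to watch (assumed list; extend for your fleet).
CHROMIUM_BINARIES = {"chrome.exe", "msedge.exe", "chrome", "msedge", "chromium"}

# Chromium's remote debugging switch, with an optional =PORT value.
DEBUG_SWITCH = re.compile(r"--remote-debugging-port(?:=(\d+))?", re.IGNORECASE)
HEADLESS_SWITCH = re.compile(r"--headless(?:=\w+)?(?=\s|$)", re.IGNORECASE)


def image_name(path):
    """Lower-cased file name from a Windows or POSIX image path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def find_debug_launches(events):
    """Return one finding per Chromium launch that enables the debug port."""
    findings = []
    for ev in events:
        if image_name(ev["image"]) not in CHROMIUM_BINARIES:
            continue  # the switch only matters on a Chromium browser
        match = DEBUG_SWITCH.search(ev["command_line"])
        if not match:
            continue
        findings.append({
            "host": ev["host"], "user": ev["user"],
            "parent": image_name(ev["parent_image"]),
            "port": int(match.group(1)) if match.group(1) else None,
            "headless": bool(HEADLESS_SWITCH.search(ev["command_line"])),
        })
    return findings


# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "alice", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"host": "WS-022", "user": "bob", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                     r"--remote-debugging-port=9222 --headless"},
    {"host": "WS-022", "user": "bob", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe --remote-debugging-port=9222"},
]

if __name__ == "__main__":
    print(find_debug_launches(SAMPLE_EVENTS))
```

The parent process is kept in each finding because a browser started with the debug port by a developer's IDE or test runner is expected, while the same launch from an unrelated parent deserves a closer look.
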

Cybercriminals' methods are improving day by day. Controlling not only password complexity but also the technical aspects of system access has therefore become an integral part of modern cybersecurity. Specialists urge corporate users not to click on suspicious links and to be attentive to changes in browser settings.
