Imwe nyowani yekuba malware yaonekwa panzvimbo informace uye izvo mukuita izvi zvinoshandisa isina kuziviswa yeGoogle OAuth endpoint inonzi MultiLogin kuzorodza makuki echokwadi akapera uye kupinda mumaakaundi evashandisi kunyangwe password yeakaundi yakagadziridzwa. Izvi zvakataurwa neBleepingComputer webhusaiti.
Pakupera kwaMbudzi gore rapfuura, BleepingComputer yakashuma nezve spyware inonzi Lumma iyo inogona kudzoreredza makiki echokwadi eGoogle akapera mukurwisa kwepamhepo. Aya mafaera aibvumira matsotsi kuti awane mukana usina mvumo kumaakaundi eGoogle kunyangwe varidzi vawo vabuda, vagadzirise mapassword avo, kana kupedza nguva yavo. Kubatanidza kune CloudSEK server report, iyo webhusaiti ikozvino yatsanangura kuti zuva rezero rekurwisa rinoshanda sei.
Muchidimbu, bug inobvumira malware kuti iiswe pakombuta yedesktop "kubvisa uye kudhirodha zvitupa zviri muGoogle Chrome's database yenzvimbo." CloudSEK yakawana hutachiona hutsva hunonangana nevashandisi veChrome kuti vawane mukana kuGoogle account. Iyi malware ine njodzi inotsamira pamakuki trackers.
Chikonzero nei izvi zvinogona kuitika pasina vashandisi vanozviziva imhaka yekuti zvataurwa pamusoro apa spyware zvinogonesa. Inogona kudzoreredza Google makuki akapera uchishandisa ichangobva kuwanikwa yekubvunza API kiyi. Kuita kuti zvinhu zvinyanye kuoma, matsotsi anogona kushandisa mukana uyu imwezve nguva kuwana account yako kunyangwe wakagadzirisa password yeakaundi yako yeGoogle.
Unogona kufarira
Maererano neBleepingComputer, akabata Google kakawanda nezvenyaya iyi yeGoogle, asi haasati awana mhinduro.
