Cybersecurity researchers discovered and disclosed a zero-day flaw, called GhostToken, that could have allowed threat actors to hide a malicious app in a victim's Google account.
- The flaw affected all Google accounts, including enterprise-focused Workspace accounts. Google patched the issue nine months after it was reported.
- The vulnerability enables attackers to gain permanent access to a victim's Google account and personal data by turning an already authorized third-party app into a malicious trojan app.
- The flaw bypasses Google's "Apps with access to your account" management feature, which is the only place where Google users can view third-party apps connected to their account.
- Google's patch now shows apps that are in a pending-deletion state on that page, and users must revoke any access granted to such apps.
- The disclosure also came a little over a month after Mitiga revealed that adversaries could exfiltrate sensitive data by exploiting the "insufficient" forensic visibility of GCP.
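To make the visibility gap behind the bullets above concrete, here is a simplified Python model written for this summary; it is not code from the page, from Google, or from the researchers. The grant registry, the project states, the rule that a token keeps working while its project is only pending deletion, and the sample apps are all modelling assumptions chosen to illustrate why a management page must list every grant that still holds a valid token, not only those whose project is active.

```python
"""Toy model of a third-party OAuth grant list and the account's
"apps with access" view (added example, not Google's implementation).

Modelling assumptions: a grant stays usable until it is explicitly revoked
or its owning project is permanently deleted; the user's management page
decides which grants are shown and therefore which ones can be revoked.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Tuple


class ProjectState(Enum):
    ACTIVE = "active"
    PENDING_DELETION = "pending_deletion"  # scheduled for deletion, still restorable
    DELETED = "deleted"                    # permanently gone


@dataclass
class Grant:
    client_id: str
    app_name: str
    scopes: Tuple[str, ...]
    project_state: ProjectState = ProjectState.ACTIVE
    revoked: bool = False


def token_is_valid(grant: Grant) -> bool:
    """A refresh token keeps working unless the grant was revoked or the
    project is permanently deleted; pending deletion alone does not stop it."""
    return not grant.revoked and grant.project_state is not ProjectState.DELETED


def visible_apps_before_patch(grants: List[Grant]) -> List[Grant]:
    """Vulnerable listing: only apps with an ACTIVE project are shown, so a
    grant whose project is pending deletion vanishes from the page while its
    token still works and the user has nothing to revoke."""
    return [g for g in grants
            if not g.revoked and g.project_state is ProjectState.ACTIVE]


def visible_apps_after_patch(grants: List[Grant]) -> List[Grant]:
    """Fixed listing: every grant that still holds a valid token is shown,
    including apps in a pending-deletion state, so the user can revoke it."""
    return [g for g in grants if token_is_valid(g)]


def hidden_but_valid(grants: List[Grant],
                     listing: Callable[[List[Grant]], List[Grant]]) -> List[Grant]:
    """Audit check: grants with a working token that the given listing would
    not show. Any non-empty result is a visibility gap."""
    shown = {g.client_id for g in listing(grants)}
    return [g for g in grants if token_is_valid(g) and g.client_id not in shown]


def revoke(grant: Grant) -> Grant:
    """The user-side remediation: revoke the grant so its token stops working."""
    grant.revoked = True
    return grant


def sample_grants() -> List[Grant]:
    """Constructed sample data (not real apps or client ids)."""
    return [
        Grant("client-calendar", "calendar-helper", ("calendar.readonly",)),
        # A previously authorised app whose project was moved to pending deletion.
        Grant("client-notes", "notes-sync", ("drive", "gmail.readonly"),
              ProjectState.PENDING_DELETION),
        Grant("client-old", "old-tool", ("contacts",), ProjectState.DELETED),
        Grant("client-photo", "photo-backup", ("photos",), revoked=True),
    ]


if __name__ == "__main__":
    grants = sample_grants()
    gap = hidden_but_valid(grants, visible_apps_before_patch)
    print("hidden but still valid (before patch):", [g.app_name for g in gap])
    print("hidden but still valid (after patch): ",
          [g.app_name for g in hidden_but_valid(grants, visible_apps_after_patch)])
    for g in visible_apps_after_patch(grants):
        if g.project_state is ProjectState.PENDING_DELETION:
            revoke(g)
            print("revoked", g.app_name, "-> token valid:", token_is_valid(g))
```

Running the script shows the notes-sync grant disappearing from the pre-patch view while its token remains valid, reappearing in the patched view, and becoming unusable once revoked; the same `hidden_but_valid` check is the property a defender would want to hold for any token inventory.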