The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Restoring these cookies would allow Lumma operators to gain unauthorized access to any Google account even after the legitimate owner has logged out of their account or their session has expired.
Follow
forum post also clarifies that each key can be used twice so that cookie restoration can work only one time.
it is worth mentioning that another stealer, Rhadamanthys, announced a similar capability in a recent update, increasing the likelihood that malware authors discovered an exploitable security gap.
