Ammon News - Google Workspace is launching a new security measure to help prevent the same type of account takeover attack that impacted Linus Tech Tips. The feature, which is rolling out in beta for Chrome users on Windows, is designed to block bad actors from remotely stealing the cookies that keep you logged in to your Workspace account.

Google calls the feature Device Bound Session Credentials (DBSC), and it does exactly what its name suggests: it protects users’ Workspace accounts by binding session cookies, the temporary files that websites use to remember user information, to their devices.

That makes it more difficult for attackers to carry out session token-stealing attacks, which often occur when a victim downloads information-stealing malware. From there, bad actors can exfiltrate a victim’s login credentials to a remote server, allowing them to sign in to their account from another device or sell their credentials.

“Because this theft occurs after a user has logged in, it bypasses many existing account protections like 2FA [two-factor authentication],” Google spokesperson Ross Richendrfer tells The Verge. “Existing protections for this type of attack aren’t very mature, so it’s low-hanging fruit for attackers.”

In 2023, a bad actor took over the YouTube channel for Linus Tech Tips, along with two other Linus Media Group accounts, after an employee downloaded a fake sponsorship offer file containing cookie-stealing malware. This week, YouTube issued a warning about a similar scam involving creators downloading phony brand deals. YouTube isn’t the only platform that we’ve seen impacted by cookie-stealing, either, as hackers hijacked several Chrome extensions last year, adding malware that exfiltrates session tokens for some websites.