Let’s take Google account as an example: so I got infected with virus that allows user to steal my cookies. I have two active sessions in Google – PC and phone. Is there gonna be 3-d session which will appear when he logs in using my cookies or will it shown as mine, that already existing?
I got rid of the virus a long time ago, and it was on another device. But the paranoia remained. So, is it possible to determine this by active sessions or not?
In: Technology
The [stolen] cookie represents the session itself. Your infected device – presumably your PC – will represent both you and the person who stole it on google’s “list of action sessions” list. The bad guys bypass the need to log in as you by using your session cookie which represents the fact that you are already logged in. They do not get their own separate session because the whole point is they join into one of your own that already exist.
The solution is to eradicate the virus – which I will assume you did successfully, but some viruses are damned hard to remove these days – then close all sessions and login again from scratch with your username, password, 2FA and so on. Check and you should see only your currently active session now.
In the short term, if you think you are infected, go press the Logout button on the infected device. It closes your session on that device, and as such closes it for both you and whoever stole it. It’s worthless now. Removal of the virus is the next step, and make sure you remove it properly before you try logging in again. Last thing you want is to risk the virus getting your password plus stealing the new session you make.
Aside: this should be highly detectable by Google, etc. If the same session is in use at the same time in 2 different countries, assume the worst. The downside is this could bite people using VPNs, so maybe it should be something you can disable at your own risk… I dunno. It bugs me.
Latest Answers