Researchers at Astrix Security have discovered a security vulnerability in Google's Cloud Platform (GCP) called "GhostToken" that could have allowed cyber attackers to conceal a malicious application inside a victim's Google account, leaving it in a permanent state of undetectable infection. The malicious app could enable attackers to read the victim's Gmail account, access files in Google Drive and Photos, view their Google Calendar, and track their location via Google Maps. This information could be used to craft convincing impersonation and phishing attacks, or even to put the victim in physical danger. Google has since patched the vulnerability.
Read the full article here.
