
GhostToken Flaw Could Let Attackers Hide Malicious Apps on Google Cloud Platform
Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that allowed threat actors to hide unremovable malicious apps within victims’ Google accounts.
nicknamed Ghost Tokens by Israeli cybersecurity startup Astrix Security, the flaw affects all Google accounts, including enterprise-focused Workspace accounts. Discovered and reported to Google on June 19, 2022. The company applied the global patch more than nine months later on April 7, 2023.
“The vulnerability (…) allowed an attacker to gain permanent and irremovable access to a victim’s Google account by turning an authorized third-party application into a malicious trojan application, leaving the victim’s personal data exposed forever,” Astrix said in a report.
In short, this flaw allows attackers to hide their malicious apps from victims’ Google accounts application management pagethereby effectively preventing users from revoking their access.
This is achieved by deleting GCP project associated with the official OAuth app, causing it to be in a “waiting for deletion” state. Threat actors, armed with this capability, can then hide the rogue application by restoring the project and using the access token to obtain the victim’s data, and make it invisible again.

“In other words, the attacker is depositing a ‘ghost’ token into the victim’s account,” Astrix said.
The type of data that can be accessed depends on the permissions granted to the application, which can be abused by adversaries to delete files from Google Drive, compose emails on behalf of victims to carry out social engineering attacks, track locations, and extract sensitive data from Google Calendar, Photos, and drives.
“Victims may have unknowingly authorized access to the malicious application by installing a seemingly harmless application from the Google Marketplace or one of the many productivity tools available online,” Astrix added.
Zero Trust + Deception: Learn How to Outsmart Attackers!
Discover how Fraud can detect advanced threats, stop lateral moves, and improve your Zero Trust strategy. Join our insightful webinar!
“Once the malicious app is authorized, an attacker exploiting the vulnerability can bypass Google’s “Apps with access to your account” management feature, which is the only place where Google users can see third-party apps linked to their account.”
Google’s patch addresses the issue by now showing apps that are in pending removal status on third-party access pages, allowing users to revoke permissions granted to those apps.
This development comes as Google Cloud fixes a privilege escalation flaw in the dubbed Cloud Asset Inventory API Asset Key Thief which can be exploited to steal user-managed Service Account private keys and gain access to valuable data. This issue discovered by SADA earlier February was patched by the tech giant on March 14, 2023.
The findings come more than a month after cloud incident response firm Mitiga revealed that adversaries could leverage “insufficient” forensic visibility into GCPs to extract sensitive data.