Parental Control Flaw Allows Google Account Hacks

ReversingLabs researchers describe an active cybercrime campaign where a Trojan distributed via compromised Discord accounts and fake game download pages steals credentials and hijacks sessions; attackers then abuse Google Family Link by downgrading victims' account age to assign malicious parent control, locking users out and extorting ransom. The report documents victim narratives, a lab recreation of the Family Link abuse, mitigations (MFA, disabling "skip password when possible", backups), and published IOCs (malicious Netlify and Dropbox links).