VaultJacking Steals Google Password Manager Vault via PIN
VaultJacking, a newly identified phishing technique, is raising serious alarms across the cybersecurity community. Attackers can leverage this method to steal an entire Google Password Manager vault, including all saved passwords and passkeys, using only a single captured 6-digit PIN.
This is not a theoretical risk: it is a fully demonstrated, end-to-end attack that exploits the way Google synchronizes credentials across devices.
The attack targets a feature most users trust completely: Google’s cross-device passkey and password sync. When a victim is tricked into entering their Google Password Manager (GPM) PIN on a fake sign-in page, that single credential becomes the master key to their entire synced vault.
Every third-party login, every stored passkey, and every saved credential instantly becomes accessible to the attacker operating from behind the scenes.
Researchers at PhishU identified and documented the full VaultJacking technique, outlining how it fits within the PhishU adversary simulation framework.

PhishU said in a report shared with Cyber Security News (CSN) that the attack proves synced credential vaults introduce an outsized risk when their unlock secret is captured through a single, well-timed phishing event.
The attack exploits Google’s Security Token Service and its use of a Security Level Secret to unlock sync across devices.
When the correct GPM PIN is entered on the phishing page, it unlocks the Security Level Secret on the operator’s infrastructure, decrypts the synced vault, and sends every stored credential directly to the attacker.
There is no pre-existing foothold required on the victim’s device and no malware needs to be installed beforehand.
What makes VaultJacking particularly dangerous is how it sidesteps Google’s “Live Device Found Session Credentials” defense.
The attacker’s sync component uses the captured credentials and an operator-owned passkey to authenticate from operator infrastructure, well after the original session cookies have expired. One captured PIN. No prior installation. The entire vault is compromised.
VaultJacking Attack Steals Entire Google Password Manager Vault
Google Password Manager synchronizes passkeys and passwords across every device logged into the same Google account.
It stores everything encrypted with a key tied to the user’s Security Level Secret, which is itself protected by the 6-digit GPM PIN.
When a victim enters this PIN on a phishing page carefully styled to match Google’s real prompt, the attacker gains the ability to register a new device on the victim’s security domain.

The PhishU framework’s sync-dup component then drives a fresh Chrome instance with the captured PIN and operator-owned passkey, authenticates into the victim’s Google account from operator infrastructure, and downloads every synced password and passkey in the vault.
Passkeys in Chrome 359 and later write their private-key bytes to the local Passkeys SQLite database. Those raw bytes travel with the sync payload, so the synced passkeys are recovered as usable private keys, not merely as references to them. No rate limiting or re-entry prompt stands in the way once the PIN is captured.
Defending Against the VaultJacking Threat
Security professionals should treat this as an accepted-design trade-off rather than an unpatched bug awaiting a vendor fix. PhishU outlined several practical steps organizations and individuals can take to reduce their exposure.
First, avoid using a work Chrome profile to store personal site credentials. A work-targeted phishing agent that captures Google session flows exposes the personal vault alongside work credentials, and the attacker does not distinguish between them.
Second, use a dedicated Chrome profile to store personal site credentials and passkeys separately. Third, deploy on-premises password managers for environments that never interact with Google Sync, as these are not affected by VaultJacking.
Fourth, train users to treat notifications such as “new passkey added” or “new sign-in on Windows” as authentication events worth verifying every time. These are the only outward signals the attack produces.
Organizations that have deployed passkeys without also monitoring these authentication events and governing their security domains are already operating against this exact threat model.
The right response is not to abandon passkeys but to deploy tighter tiering and actively monitor the sync layer. The attack surface lives at the policy and monitoring layer, and that is where defenders need to focus their attention.
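The monitoring advice above is concrete enough to turn into a detection rule: an enrollment event (a new passkey or device registered on the user’s security domain) arriving shortly after a sign-in from an address that user has never used before is exactly the footprint the sync component described in this article leaves. The script below is an added example, not PhishU’s or Google’s code. Its event records are constructed to resemble a generic identity audit log; the field names (`ts`, `user`, `event`, `ip`) and the event labels (`login`, `passkey_added`, `device_registered`) are assumptions and must be mapped onto your real log source (for Google Workspace, the login and user-account audit events) before use.

```python
"""Detect enrollment events that follow a sign-in from a never-before-seen IP.

Added example for the VaultJacking monitoring recommendation. Field names and
event labels are assumptions, not the real Google audit-log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). The 198.51.100.77 entries
# model an operator-controlled sync instance signing in and then registering
# a passkey on the victim's security domain a couple of minutes later.
SAMPLE_EVENTS = [
    {"ts": "2025-06-01T08:00:00Z", "user": "alice@example.com", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2025-06-01T08:05:00Z", "user": "alice@example.com", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2025-06-02T09:00:00Z", "user": "bob@example.com", "event": "login", "ip": "192.0.2.5"},
    {"ts": "2025-06-02T09:02:00Z", "user": "bob@example.com", "event": "passkey_added", "ip": "192.0.2.5"},
    {"ts": "2025-06-02T21:14:00Z", "user": "alice@example.com", "event": "login", "ip": "198.51.100.77"},
    {"ts": "2025-06-02T21:16:30Z", "user": "alice@example.com", "event": "passkey_added", "ip": "198.51.100.77"},
]

# Assumed event labels for "new passkey added" / "new device registered".
ENROLLMENT_EVENTS = {"passkey_added", "device_registered"}


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_enrollments(events, window=timedelta(minutes=30)):
    """Return one alert per enrollment event that occurs within `window` of a
    login from an IP the same user had not previously logged in from.

    The baseline of known IPs is built from the logins in `events` themselves,
    so a user with no prior logins never alerts; seed the input with enough
    history (or a stored baseline) before running this in production.
    """
    events = sorted(events, key=lambda e: parse_ts(e["ts"]))
    known_ips = defaultdict(set)        # user -> IPs seen in earlier logins
    recent_logins = defaultdict(list)   # user -> [(ts, ip, from_new_ip)]
    alerts = []

    for e in events:
        ts, user, ip = parse_ts(e["ts"]), e["user"], e["ip"]
        if e["event"] == "login":
            # Only count an IP as "new" when the user already has a baseline.
            from_new_ip = bool(known_ips[user]) and ip not in known_ips[user]
            known_ips[user].add(ip)
            recent_logins[user].append((ts, ip, from_new_ip))
        elif e["event"] in ENROLLMENT_EVENTS:
            for login_ts, login_ip, from_new_ip in recent_logins[user]:
                if from_new_ip and login_ip == ip and timedelta(0) <= ts - login_ts <= window:
                    alerts.append({
                        "user": user,
                        "ip": ip,
                        "login_ts": login_ts.isoformat(),
                        "enrollment_ts": ts.isoformat(),
                        "event": e["event"],
                        "reason": "enrollment shortly after sign-in from previously unseen IP",
                    })
                    break
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_enrollments(SAMPLE_EVENTS):
        print(alert)
```

Bob’s passkey enrollment from his usual address produces nothing, while Alice’s enrollment from the new address is flagged. In practice the IP comparison should be widened to ASN or geolocation, because operator infrastructure will not reuse one address, and the alert should feed a verification step with the user rather than an automatic lockout.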