High Malware

New 'LeakyLooker' Flaws in Google Looker Studio Could

A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

What Happened

Cybersecurity researchers have disclosed a set of nine critical vulnerabilities, collectively dubbed “LeakyLooker,” within Google’s Looker Studio business intelligence platform. These flaws could have allowed an attacker to execute arbitrary SQL queries on a victim organization’s connected databases, potentially leading to large-scale data exfiltration across tenant boundaries. In a separate but concurrent threat, a new Android malware family named BeatBanker has been identified. This malware hijacks devices by masquerading as a legitimate Starlink application, distributed through counterfeit websites posing as the official Google Play Store.

Why It Matters

The LeakyLooker vulnerabilities represent a severe threat to data integrity and confidentiality for organizations using Looker Studio for data analytics. Successful exploitation could lead to the compromise of sensitive business intelligence, customer data, and proprietary information stored in connected databases like BigQuery, MySQL, or PostgreSQL. The concurrent emergence of BeatBanker underscores a persistent threat vector: malicious mobile applications that bypass official storefronts. Together, these incidents highlight risks across both cloud data platforms and endpoint devices, stressing the need for comprehensive security postures that address supply chain and credential-based attacks.

Technical Details

The LeakyLooker flaws are cross-tenant vulnerabilities within the Looker Studio service. An attacker could exploit these by crafting malicious requests that trick the platform into executing SQL commands against a target’s linked data sources, bypassing intended access controls. No specific CVE identifiers have been assigned publicly at this time. The BeatBanker malware operates as a banking trojan for Android. It is distributed through phishing sites impersonating the Google Play Store, where users are tricked into downloading a fake “Starlink” app. Upon installation, it seeks extensive permissions to monitor and intercept SMS messages, overlay phishing windows on legitimate banking apps, and gain persistent device access.

Immediate Risk

The risk from LeakyLooker is high for any organization with Looker Studio integrations, as the flaws could permit unauthorized database access without compromising user credentials directly. Organizations should verify that Google has applied patches or mitigations. For BeatBanker, the immediate risk is to Android users who download applications from unofficial sources. The malware’s sophisticated social engineering and app-spoofing capabilities make it a credible threat for financial fraud and device compromise. Both threats require prompt attention, with LeakyLooker demanding urgent validation of cloud configuration and access logs.

Security Insight

These parallel developments illustrate a critical security axiom: the attack surface is both expansive and interconnected. A platform vulnerability like LeakyLooker can expose core data assets, while an endpoint threat like BeatBanker targets user trust and device integrity. Defensively, organizations must strictly enforce the principle of least privilege on all data platform connections and routinely audit query logs for anomalous activity. For mobile security, continuous user education on the dangers of sideloading apps and the use of mobile threat defense solutions are essential to counter social engineering and unofficial app stores.
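One way to run the query-log audit recommended above is to baseline what each BI connector credential normally does and flag departures from it. This is an added example, not part of the original article. The record fields, principal name and report IDs are a hypothetical simplified schema, and every log entry is constructed.

```python
import re

# Constructed records in a hypothetical, simplified schema; map fields to your audit log export.
BASELINE = [
    {"principal": "bi-reader@example.test", "report_id": "rpt-sales",
     "sql": "SELECT o.id FROM sales.orders o JOIN sales.customers c ON o.cid = c.id"},
]
AUDIT = [
    {"principal": "bi-reader@example.test", "report_id": "rpt-sales",
     "sql": "SELECT id FROM sales.customers"},
    {"principal": "bi-reader@example.test", "report_id": "rpt-unknown",
     "sql": "SELECT * FROM hr.salaries"},
    {"principal": "bi-reader@example.test", "report_id": "rpt-sales",
     "sql": "DELETE FROM sales.orders WHERE 1 = 1"},
]

READ_ONLY = {"SELECT", "WITH"}
# Naive table extraction for the sample; prefer the audit log's own referenced-table list.
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE)\s+([A-Za-z_][\w.]*)", re.I)

def tables(sql):
    return {t.lower() for t in TABLE_RE.findall(sql)}

def build_baseline(records):
    """Per connector credential: reports and tables seen during a trusted window."""
    seen = {}
    for r in records:
        entry = seen.setdefault(r["principal"], {"reports": set(), "tables": set()})
        entry["reports"].add(r["report_id"])
        entry["tables"] |= tables(r["sql"])
    return seen

def audit(records, baseline):
    """Return (record index, reasons) for every query that departs from the baseline."""
    findings = []
    for i, r in enumerate(records):
        known = baseline.get(r["principal"], {"reports": set(), "tables": set()})
        reasons = []
        if r["sql"].split(None, 1)[0].upper() not in READ_ONLY:
            reasons.append("non-read-only statement")
        if r["report_id"] not in known["reports"]:
            reasons.append("report not in baseline")
        new = sorted(tables(r["sql"]) - known["tables"])
        if new:
            reasons.append("new tables: " + ", ".join(new))
        if reasons:
            findings.append((i, reasons))
    return findings
```

A read-only reporting credential that issues a write, serves a report nobody in the organization created, or reads a table it never touched before is worth a manual look even when each query succeeded normally.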
