"New Malware Exploits Google OAuth to Hijack Accounts and Steal Cookies"

Cybersecurity researchers have discovered that several strains of info-stealing malware can maintain access to compromised Google accounts even after victims change their passwords, due to a zero-day exploit involving Google's OAuth endpoint "MultiLogin." The malware, which primarily targets Windows users, steals session tokens from web browsers, allowing attackers to bypass password changes and keep accessing victims' emails and cloud storage. The exploit has been adopted by at least six malware families, including Lumma and Rhadamanthys, with Eternity Stealer planning to release an update soon. To prevent exploitation, users must log out completely to invalidate their session tokens. Google has yet to respond to inquiries about its plans to address this security issue.
- Google password resets not enough to stop these info-stealing malware strains (The Register)
- Attackers Abuse Google OAuth Endpoint to Hijack User Sessions (Dark Reading)
- Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (BleepingComputer)
- Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies (Security Affairs)
- Dangerous new malware uses cookies to break into Google accounts (Android Police)