"Persistent Malware Exploits Google OAuth to Hijack Accounts Despite Password Resets"
Cybercriminals are exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing them to maintain access to Google services even after victims reset their passwords. The exploit has been adopted by various malware-as-a-service families, enabling them to persistently steal information. Google has acknowledged the issue and stated that users can invalidate stolen sessions by logging out of the affected browser or remotely via the user's devices page. Enhanced Safe Browsing and regular monitoring of account activity are recommended to users for additional security. The situation underscores the need for advanced security measures to combat sophisticated cyber threats.
- Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset The Hacker News
- Google password resets not enough to stop these info-stealing malware strains The Register
- Attackers Abuse Google OAuth Endpoint to Hijack User Sessions Attackers Abuse Google OAuth Endpoint to Hijack User Sessions DARKReading
- Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts BleepingComputer
- Dangerous new malware uses cookies to break into Google accounts Android Police
Reading Insights
0
1
3 min
vs 4 min read
84%
613 → 100 words
Want the full story? Read the original article
Read on The Hacker News