"New Malware Exploits Google OAuth to Hijack Accounts and Steal Cookies"
Cybersecurity researchers have discovered that several strains of info-stealing malware can maintain access to compromised Google accounts even after victims change their passwords, due to a zero-day exploit involving Google's OAuth endpoint "MultiLogin." The malware, which targets primarily Windows users, steals session tokens from web browsers, allowing attackers to bypass password changes and continually access victims' emails and cloud storage. The exploit has been adopted by at least six malware families, including Lumma and Rhadamanthys, with Eternity Stealer planning to release an update soon. To prevent exploitation, users must log out completely to invalidate their session tokens. Google has yet to respond to inquiries about their plans to address this security issue.