"Persistent Malware Exploits Google OAuth to Hijack Accounts Despite Password Resets"
Originally Published 2 years ago — by The Hacker News
Cybercriminals are exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing them to maintain access to Google services even after victims reset their passwords. The exploit has been adopted by various malware-as-a-service families, enabling them to persistently steal information. Google has acknowledged the issue and stated that users can invalidate stolen sessions by logging out of the affected browser or remotely via the user's devices page. Enhanced Safe Browsing and regular monitoring of account activity are recommended to users for additional security. The situation underscores the need for advanced security measures to combat sophisticated cyber threats.