11 mo. ago

Malware abuses Google OAuth endpoint to 'revive' cookies, hijack accounts

www.bleepingcomputer.com Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.

There is a discussion on Hacker News, but feel free to comment here as well.

Android @lemdro.id ijeff @lemdro.id 11 mo. ago

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

www.bleepingcomputer.com /news/security/malware-abuses-google-oauth-endpoint-to-revive-cookies-hijack-accounts/

0 comments