Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
www.bleepingcomputer.com Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
4
comments
Looks like another good reason not to ever use Chrome -- even on Mobile.