Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Information-stealing malware is currently using MultiLogin, an undocumented Google OAuth API, to hijack user sessions and keep persistent access to Google services even after a password reset.

According to CloudSEK, the critical vulnerability facilitates cookie generation and session persistence, which lets threat actors maintain unauthorized access to a legitimate session.

On October 20, 2023, a threat actor going by the handle PRISMA first disclosed the method on their Telegram channel. Since then, it has been incorporated into several malware-as-a-service (MaaS) stealer families, including RisePro, Lumma, Rhadamanthys, Stealc, Meduza, and Whitesnake.

When users sign in to their accounts in the Chrome web browser, the MultiLogin authentication endpoint is primarily intended to synchronize Google accounts…
