A new type of malware is exploiting an undocumented Google OAuth endpoint, MultiLogin, to gain unauthorized access to Google accounts without the need for a password. This malware allows for session persistence and cookie generation, enabling access even after a password reset. The exploit has been reported by various sources in the cybersecurity and technology domains, highlighting the potential threat it poses to user security.
Cybercriminals find new way to access Google accounts without password: report A new type of malware that uses third-party cookies to gain unauthorised access to people's private data is already being actively tested by hacking groups. https://t.co/052tkkSq2L
There is a new malware in the wild that basically let an attacker to access your Google account without knowing your password. (link in first reply) The exploit is using a non-documented Google endpoint called MultiLogin (an endpoint that lets you sync accounts via services).… https://t.co/HJAEQ8G4WO
Google offers surprising security advice for Gmail users. https://t.co/89c2sjyV2A https://t.co/Xh7dF49RQB
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset: https://t.co/AnfpD1aD9k by The Hacker News #infosec #cybersecurity #technology #news
🔒 ALERT: Information-stealing malware exploits an undocumented #Google OAuth endpoint, MultiLogin, to hijack user sessions. This allows for session persistence and cookie generation, maintaining access even after a password reset. Read: https://t.co/b19m7WkqxI #cybersecurity
This sneaky malware lets hackers access Google accounts without a password — here's how https://t.co/Z6ZpaxOryh https://t.co/RO9TFF02iI
[Update: Google responds] New malware restores cookies to break into your Google Account https://t.co/k6q81hYX5G
Google Password Resets Not Enough To Stop These Info-Stealing Malware Strains https://t.co/Jpo9rlLZ4b
Google password resets not enough to stop these info-stealing malware strains https://t.co/456jsyFggX
Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies: https://t.co/H2PZcGiyuj by Security Affairs #infosec #cybersecurity #technology #news