Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Dec. 29, 2023, 4:13 p.m. | Bill Toulas

BleepingComputer www.bleepingcomputer.com

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [...]

abusing account accounts authentication authentication cookies cookies endpoint expired families google hijack information log malware oauth password reset restore revive security stealing undocumented

Visit resource

More from www.bleepingcomputer.com / BleepingComputer

Kaspersky releases free tool that scans Linux for known threats 15 hours ago | www.bleepingcomputer.com

free free tool kaspersky linux +13

Google Chrome change that weakens ad blockers begins June 3rd 16 hours ago | www.bleepingcomputer.com

ad blockers change chrome extensions +6

Live Nation finally confirms massive Ticketmaster data breach 1 day, 9 hours ago | www.bleepingcomputer.com

breach cloud cloud database data +12

Ticketmaster confirms massive breach after stolen data for sale online 1 day, 9 hours ago | www.bleepingcomputer.com

breach cloud cloud database data +13

DMM Bitcoin warns that hackers stole $300 million in Bitcoin 1 day, 9 hours ago | www.bleepingcomputer.com

bitcoin btc cryptocurrency cryptocurrency heist +10

CISA warns of actively exploited Linux privilege elevation flaw 1 day, 11 hours ago | www.bleepingcomputer.com

actively exploited agency amp catalog +16

Snowflake account hacks linked to Santander, Ticketmaster breaches 1 day, 13 hours ago | www.bleepingcomputer.com

account accounts actor breaches +16

Europol identifies 8 cybercriminals tied to malware loader botnets 1 day, 14 hours ago | www.bleepingcomputer.com

botnets cybercriminals droppers eight +13

ShinyHunters claims Santander breach, selling data for 30M customers 1 day, 15 hours ago | www.bleepingcomputer.com

account actor bank breach +13

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com

all InfoSec news

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

More from www.bleepingcomputer.com / BleepingComputer

Jobs in InfoSec / Cybersecurity

CyberSOC Technical Lead

Cyber Security Strategy Consultant

Cyber Security Senior Consultant

Sr. Product Manager

Corporate Intern - Information Security (Year Round)

Senior Offensive Security Engineer