Malware is exploiting an undocumented Google OAuth endpoint called MultiLogin, allowing attackers to maintain access to Google services even after a password reset. The exploit, revealed by a threat actor named PRISMA and incorporated into various malware-as-a-service (MaaS) stealer families, enables session persistence and cookie generation. Specifically targeting Chrome’s token_service table, the malware extracts tokens and account IDs of logged-in Chrome profiles. Google acknowledged the attack method but stated that users can revoke stolen sessions by logging out of the affected browser. Enhanced Safe Browsing in Chrome is recommended for protection against phishing and malware downloads.