Malware is exploiting an undocumented Google OAuth endpoint called MultiLogin, allowing attackers to maintain access to Google services even after a password reset. The exploit, revealed by a threat actor named PRISMA and incorporated into various malware-as-a-service (MaaS) stealer families, enables session persistence and cookie generation. Specifically targeting Chrome’s token_service table, the malware extracts tokens and account IDs of logged-in Chrome profiles. Google acknowledged the attack method but stated that users can revoke stolen sessions by logging out of the affected browser. Enhanced Safe Browsing in Chrome is recommended for protection against phishing and malware downloads.
Newsflash
- How a U.S. Law Change Could Impact the Global Internet and Online Freedom
- Telkom Kenya Lands KSh 570M Contract for Open RAN Expansion
- Nvidia CEO: The Future of AI Will Require 100x More Computing Power
- The AI Race Heats Up: Breakthrough Innovations from OpenAI, Google, and China’s Rising Tech Titans
- Google Offers Gemini Code Assist Free to Individual Developers
- Alibaba Unveils Wan 2.1 AI Model to Compete with OpenAI
- Internet Disruptions Hit Nairobi Amid Escalating Feud Between City Hall and Kenya Power
- Epson Appoints New President & CEO to Drive Global Innovation and Growth
- Ethiopian Airlines and Airbus Sign Flight Hour Services Agreement to Boost Fleet Efficiency
- Survey: 58% of Africans Fear Financial Losses from Cybercrime Amid Rising Digital Threats