Mallox Ransomware Found Evading AMSI Detection Using New PowerShell Script

27-Dec-23

Numerous information-stealing malware families are abusing an undocumented Google OAuth endpoint called "MultiLogin" to regain access to users' accounts, even after their passwords have been reset, by restoring expired authentication cookies. Session cookies are a specific kind of browser cookie that hold authentication data, letting users log in to websites and services without re-entering their credentials.

Because these cookies are designed to have a short lifespan, a threat actor who steals them cannot normally use them to access accounts indefinitely. At the end of November 2023, BleepingComputer reported on two information stealers, Lumma and Rhadamanthys, whose operators claimed to be able to restore expired Google login cookies that had been stolen.
