Malware abuses Google OAuth endpoint to 'revive' cookies, hijack accounts
29-Dec-23
Several virus programmes that take information Families are gaining access to users’ accounts, even after their passwords have been reset, by utilising an undocumented Google OAuth API called “MultiLogin” to restore expired login cookies.
With the help of session cookies, a unique kind of browser cookie that holds authentication data, users may instantly log in to websites and services without having to enter their login credentials. These cookies are designed to expire, so even if they are stolen, threat actors won’t be able to exploit them to access accounts indefinitely.
