Malware Leveraging Google OAuth for Persistent Account Access
Malware Leveraging Google OAuth for Persistent Account Access
Summary:
Information-stealing malware is actively exploiting an undisclosed Google OAuth endpoint called MultiLogin. This technique was initially disclosed by a threat actor named PRISMA on their Telegram channel and has subsequently been integrated into various malware-as-a-service (MaaS) stealer families.
Threat Level – Amber | Attack Report
For a detailed threat advisory, download the pdf file here
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.