Malware Leveraging Google OAuth for Persistent Account Access

Threat Level – Amber | Vulnerability Report
Download PDF

Information-stealing malware is actively exploiting an undisclosed Google OAuth endpoint called MultiLogin. This technique was initially disclosed by a threat actor named PRISMA on their Telegram channel and has subsequently been integrated into various malware-as-a-service (MaaS) stealer families.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox