Google: Persistent Google Account Hijack Threat: Malware Evades Password Reset, Posing Ongoing Security Challenge for Users

PRISMA threat group initially deployed a malicious exploit targeting Windows computers to hijack Google accounts and collect data, even after password changes. The malware focuses on Google’s MultiLogin endpoint and extracts the login token. While Google has secured compromised accounts and suggests mitigative steps for users, various cyber threat groups continue to utilise this exploit, causing concern for the cybersecurity community due to its evolving nature.