Info-Stealing Malware Now Includes Google Session Hijacking
Multiple malware-as-a-service information stealers can now manipulate authentication tokens, granting persistent access to victims’ Google accounts even after password resets. This capability has been built into the Lumma Stealer since November. Researchers warn that the vulnerability enables hackers to manipulate the OAuth 2.0 security protocol used for Google-connected account access. The exploit spread quickly among various malware groups, potentially leading to severe impacts on affected users and organisations.