Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

siteadmin December 29, 2023

CloudSEK’s threat research team has revealed a critical exploit affecting Google services that allows threat actors to continuously generate Google cookies. The exploit enables continuous access to Google services even after a password reset. It involves the MultiLogin endpoint, a part of Google’s user authentication process. The infostealer malware Lumma is among the malicious entities utilising the exploit, using advanced tactics such as token manipulation and encryption.