Malware Using Undocumented OAuth2 Features for Session Hijacking
“Chicken and Chips with a Side of Malware?”
Alright, gather round. Pull up a chair and let’s have a bit of a chin-wag about this topic that’s been buzzing in the cybersecurity and healthcare world. Have you heard about the exploit that caused a ruckus back in October 2023, the one that allows naughty cyber culprits to mint fresh Google cookies again and again with a little bit of token manipulation? Yes, that’s the one! It persistently sneaks around even after a user has reset their password. Cheeky, right?
So here’s what happened. There’s this bloke, a developer called PRISMA, who stumbled upon this tricky loophole. Then, as luck would have it, one mischievous chap got hold of the script, rather cleverly reverse-engineered it and wove it into something called the Lumma Infostealer. To add a cherry on top, it was sealed away under some high-level blackboxing techniques. Sounds straight out of a Bond movie, don’t it?
As you can maybe guess, this technobabble wasn’t just a one-off shenanigan. No, siree. This was the spark that set off the fireworks, and before you knew it, this exploit was spreading like wildfire among these groups who are into this sort of dodgy business. They’re like magpies, those lot. Always keeping an eye out for shiny new things to nab.
Here’s where the plot thickens. It wasn’t some amateur show. Word on the street, or rather the hush-hush corners of the secret cybersecurity world, is that some bright sparks, the CloudSEK threat research team, have pinned down the root of this exploit. They’ve shed some light on a little-known Google OAuth endpoint going by the name “MultiLogin.” Got a nifty ring to it, hasn’t it?
Now, all this might sound like mere telly drama to you, but it’s a bit more real-life than that. You see, as hairy as it sounds, this discovery, evolution, and wide-ranging spread of the exploit has thrown a bit of a spanner in the works. Cybersecurity has always been a bit of a cat-and-mouse game, but this exploit has definitely upped the ante. Imagine being able to waltz into someone’s Google accounts, perennially, regardless of how many times passwords are reset! Sends a chill down the spine, eh?
It’s a bit like in healthcare. Just as virus mutations make it more difficult to prevent diseases, this exploit has given cybersecurity a right headache, making it even tougher to keep a lid on these data breaches. I tell you, it’s a mad, mad world we live in.
But don’t fret. As alarming as it sounds, remember that every problem breeds a solution. With every loophole that pops up and every exploit uncovered, we’re a step closer to understanding the beast and ultimately taming it. After all, it’s all about staying one step ahead of the game, isn’t it?
So, my dear friends, next time you’re enjoying a quiet night in, perhaps browsing your favourite healthcare site or peeping into your Google accounts, remember there’s a whole lot of technological warfare going on behind the scenes! There’s never a dull moment, I promise. Now, shall we grab that next round of tea?
by Parker Bytes