Researchers: hackers are abusing Google OAuth endpoint "MultiLogin" to restore expired authentication cookies and log into accounts even after a password reset (Bill Toulas/BleepingComputer)

Bill Toulas / BleepingComputer:
Researchers: hackers are abusing Google OAuth endpoint “MultiLogin” to restore expired authentication cookies and log into accounts even after a password reset  —  Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named “MultiLogin” …

from Techmeme https://ift.tt/KPmY4R5