Summary: Information-stealing malware is actively exploiting an undisclosed Google OAuth endpoint called MultiLogin. This technique was initially disclosed by a threat actor named PRISMA on their Telegram channel and has subsequently been integrated into various malware-as-a-service (MaaS) stealer families. Threat Level – Amber | Attack Report For a detailed threat advisory, download the pdf file here To receive real-time threat advisories, please follow HiveForce Labs on…Read More
Malware Leveraging Google OAuth for Persistent Account Access
