Google: Malware abusing API is standard token theft, not an API issue (Security News, January 2024)

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
Last week, cybersecurity firm CloudSEK revealed that these information-stealing malware operations are abusing a Google OAuth "MultiLogin" API endpoint to generate new, working authentication cookies when a victim's original stolen Google cookies expire.
BleepingComputer's attempts to learn more about this API from Google have been unsuccessful, and the only documentation can be found in Google Chrome's source code.
Sources familiar with this issue have told BleepingComputer that Google believes the API is working as intended and that no vulnerability is being exploited by the malware.
Doing so will invalidate the Refresh token and make it unusable with the API. As the info-stealing malware stole your credentials, you should also change your Google password out of caution, especially if you use the same credentials at other sites.
"In the meantime, users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads," Google further recommends.