According to a report presented by CloudSek, a new hacking method has been discovered that allows attackers to exploit the functionality of the Google Oauth 2.0 authorization protocol to compromise Google accounts. This method enables hackers to maintain actual sessions and regenerate session tokens even after changes in IP address or password.
The attack utilizes an undocumented access point of Google Oauth known as “Multilogin,” which was identified by the research team at CloudSek. “Multilogin” is an internal mechanism designed to synchronize Google accounts across various services, ensuring that the account states in the browser with Google authentication are synchronized.
The report highlights that exploit methods are usually categorized and referred to based on the type of vulnerability they exploit, whether they are local or remote, and the resulting impact of the exploit. For example, some exploit schemes may be classified as EOP (Elevation of Privilege), DOS (Denial of Service), or Spulping (a specific type of exploit). One particular type of exploit service is known as Exploit-as-a-Service, which offers zero-day exploits.