Android

Scammers are now abusing Google OAuth to send phishing emails

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” address ...
Ars Technica

Don’t trust OAuth: Why the “Google Docs” worm was so convincing

You really think someone would just go on the Internet and tell lies? An evil phishing worm masquerading as “Google Docs” took the Internet by storm today. It sent an e-mail claiming to be from a ...
Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...