Summary: A new sophisticated phishing attack has emerged that exploits a vulnerability in Google’s OAuth infrastructure, allowing cybercriminals to gain access to users’ sensitive information without needing passwords. Security researcher Nick Johnson has raised alarms over this issue, warning that it poses a significant threat to millions of Gmail users. Despite reports to Google, the vulnerability remains unaddressed, putting users at increased risk of compromised accounts and data theft.
Affected: Google Gmail users
Keypoints:
- The attack leverages Google’s OAuth authentication flow and is difficult to detect because it uses authentic Google pages.
- Users authorize access to their information, allowing attackers to read emails and access contacts without needing passwords.
- Experts urge users to review OAuth permissions rigorously and remain vigilant against unsolicited authentication requests.
Source: https://gbhackers.com/cybercriminals-exploit-google-oauth/