Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset. [...]
http://dlvr.it/T0lKbW
http://dlvr.it/T0lKbW