Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Infostealers such as Lumma and Rhadamanthys have integrated the generation of persistent Google cookies through token manipulation.