The Google OAuth2 vulnerability is being actively exploited by attackers, according to researchers. Malware distribution groups have been using this vulnerability to manipulate authentication tokens, providing persistent access to victims’ Google accounts. The exploitation technique involves using blackboxing to hide the malicious activity from users. This vulnerability can have severe consequences for affected users and organizations, allowing threat actors to abuse Google accounts and access various services connected to Google. The exploit has been rapidly spreading among various malware groups, posing a significant threat to online security. This information was reported by cybersecurity firm CloudSEK.