A clever new infostealer malware is able to easily bypass Google Chrome
cookie encryption
Date:
Fri, 15 Nov 2024 12:26:00 +0000
Description:
Googles Application-Bound encryption is broken once again.
FULL STORY ======================================================================Research ers discover Glove Stealer, a new infostealer It can bypass Google's cookie encryption mechanism, introduced last summer Glove Stealer can grab cookies, passwords, and information from add-ons and extensions
Another infostealer able to bypass Googles Application-Bound (App-Bound) encryption for Chrome, and steal sensitive information from the browser has been discovered.
Researchers at Gen Digital recently found a relatively simple infostealer malware the named Glove Stealer that comes with minimal obfuscation and protection mechanisms.
This .NET malware is being distributed through the ClickFix infection chain
(a fake virus detection popup), and is capable of grabbing plenty of information from Chromium-based browsers (Chrome, Edge, Brave, Opera, and others). Glove Stealer
The information Glove can grab includes cookies, cryptocurrency wallet information (through browser extensions), 2FA session tokens from Google, Microsoft, and others, password data from Bitwarden, LastPass, KeePass, and more.
"Other than stealing private data from browsers, it also tries to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications," researchers said, according to BleepingComputer . "These extensions and applications typically involve cryptocurrency wallets, 2FA authenticators, password managers, email clients and others."
In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature which looked to ensure sensitive data stored by
websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information like authentication tokens or personal data.
However, mere weeks after it was introduced, multiple hackers already claimed to have beaten the feature, introducing bypasses to MeduzaStealer,
Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC. At the time, Google said it wasnt too surprised, or disappointed, by the end result, stating that it forced cybercriminals to change their pattern of behavior into something more predictable.
Via BleepingComputer You might also like Google Chrome tried to block infostealer malware but these hackers say they've already beaten it Here's a list of the best firewalls today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-clever-new-infostealer-malware-is-abl e-to-easily-bypass-google-chrome-cookie-encryption
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)