Storm Infostealer Bypasses Browser Security to Target User Credentials

Severity: High (Score: 63.9)

Sources: Uk.News.Yahoo, Scworld

Summary

A new infostealer named Storm has been identified, capable of bypassing encryption in popular web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox. Discovered by Varonis Threat Labs, this malicious service can remotely decrypt browser credentials and session cookies, rendering two-factor authentication ineffective. Storm operates as a subscription service, with rental prices starting at $300 for a demo. It specifically targets sensitive data, including cryptocurrency wallet information and private account credentials, and is capable of hijacking active sessions. Victims have been reported in countries including India, Brazil, the United States, and the United Kingdom. The infostealer also targets messaging apps and crypto exchanges, capturing screenshots and exfiltrating data without detection. This represents a significant evolution in credential theft techniques, posing a serious risk to users. Current status indicates active exploitation with no known patches available.

Key Points:

  • Storm infostealer can bypass encryption in major browsers, compromising user credentials.
  • The service is available for rent, making it accessible to a wide range of cybercriminals.
  • Victims span multiple countries, indicating a global threat landscape.

Key Entities

  • Malware (attack_type)
  • Binance (company)
  • Coinbase (company)
  • Brazil (country)
  • India (country)
  • United Kingdom (country)
  • United States (country)
  • Storm (malware)
  • Storm Infostealer (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1113 - Screen Capture (mitre_attack)
  • T1555.003 - Credentials From Web Browsers (mitre_attack)
  • Google Chrome (tool)
  • Microsoft Edge (platform)
  • Mozilla Firefox (platform)
  • Waterfox (platform)