
VoidStealer and Infostealers Bypass Chrome's App-Bound Encryption

Severity: High (Score: 71.0)

Sources: Darkreading, www.cyberark.com, www.bleepingcomputer.com, cyberpress.org, Kaspersky

Summary

Malware developers have bypassed Google's App-Bound Encryption (ABE) in Chrome, allowing infostealers such as VoidStealer to read session cookies and saved credentials. ABE was introduced to stop malware running in the user's session from decrypting Chrome's stored data: the encryption key is no longer protected only by the user's DPAPI but is wrapped by a Windows service running as SYSTEM, which is meant to release it only to a verified Chrome process. Published bypasses defeat that identity check by getting code to run inside, or appear to run as, a legitimate Chrome process, rather than by breaking the encryption itself. Researchers have confirmed that multiple infostealers, including MeduzaStealer and Lumma Stealer, have implemented working bypasses. The public release of a decryption tool by researcher Alexander Hagenah (Chrome-App-Bound-Encryption-Decryption) lowers the bar further for anyone targeting data stored in Chrome. Google acknowledges the ongoing 'cat and mouse' game with malware developers and says it continues to harden its defences. Users are advised to be cautious about storing sensitive data in the browser until more robust protections are in place.

Key Points:

  • VoidStealer and other infostealers have bypassed Chrome's App-Bound Encryption.
  • A public tool for bypassing ABE has been released, increasing the risk for users.
  • Google acknowledges ongoing challenges in securing Chrome against infostealer attacks.
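ABE changes what Chrome writes to disk, and an analyst triaging a host can tell from the profile alone whether its cookies are still recoverable with plain user-level DPAPI or only through the app-bound key. The following Python is an added example written for this page, not code from any of the cited sources, from Google or from the stealers discussed; it parses the two wrapped-key fields in Chrome's Local State file (the "DPAPI"- and "APPB"-prefixed blobs under os_crypt) and the v10/v20 version prefix that Chrome on Windows puts in front of each encrypted cookie value. The field and prefix names are the ones Chrome uses; the sample Local State and cookie blobs are constructed filler, not real keys or cookies, and the function names are this example's own.

```python
"""Classify Chrome's on-disk secret formats to see what App-Bound Encryption changes.

Added example for this page; not code from the cited sources or from Google.
All sample data below is constructed inline and contains no real keys or cookies.
"""
import base64
import json
from dataclasses import dataclass
from typing import Dict, Iterable

# Magic prefixes Chrome writes on Windows. Both key fields live under "os_crypt" in the
# profile's Local State file; the cookie prefixes are the first three bytes of each
# encrypted_value row in the Cookies database.
DPAPI_KEY_PREFIX = b"DPAPI"  # encrypted_key: AES key wrapped with the user's DPAPI
APPB_KEY_PREFIX = b"APPB"    # app_bound_encrypted_key: AES key wrapped by the elevation service
V10 = b"v10"                 # value encrypted under the DPAPI-protected key
V20 = b"v20"                 # value encrypted under the app-bound key
NONCE_LEN = 12               # AES-GCM nonce that follows the version prefix
TAG_LEN = 16                 # AES-GCM authentication tag at the end of the blob


@dataclass
class KeyStatus:
    legacy_key_present: bool
    app_bound_key_present: bool


def inspect_local_state(local_state_json: str) -> KeyStatus:
    """Report which wrapped keys a Local State file carries (checked by their magic prefix)."""
    os_crypt = json.loads(local_state_json).get("os_crypt", {})

    def has_key(field: str, prefix: bytes) -> bool:
        raw = os_crypt.get(field)
        return raw is not None and base64.b64decode(raw).startswith(prefix)

    return KeyStatus(
        legacy_key_present=has_key("encrypted_key", DPAPI_KEY_PREFIX),
        app_bound_key_present=has_key("app_bound_encrypted_key", APPB_KEY_PREFIX),
    )


@dataclass
class CookieBlob:
    version: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def parse_cookie_blob(blob: bytes) -> CookieBlob:
    """Split an encrypted_value into version prefix, GCM nonce, ciphertext and GCM tag."""
    prefix = blob[:3]
    if prefix not in (V10, V20):
        raise ValueError(f"unrecognised cookie blob prefix {prefix!r}")
    body = blob[3:]
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to hold a nonce and a GCM tag")
    return CookieBlob(prefix.decode("ascii"), body[:NONCE_LEN],
                      body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:])


def unlocked_by(blob: CookieBlob) -> str:
    """Which secret an attacker needs in order to recover this value."""
    if blob.version == "v10":
        return "dpapi"       # any code running as the user can unwrap the key
    return "app-bound"       # needs the SYSTEM-held key via the elevation service, or a bypass


def summarize_cookies(blobs: Iterable[bytes]) -> Dict[str, int]:
    """Count how many values fall under each protection level; unparseable blobs are tallied too."""
    counts = {"dpapi": 0, "app-bound": 0, "unparsed": 0}
    for raw in blobs:
        try:
            counts[unlocked_by(parse_cookie_blob(raw))] += 1
        except ValueError:
            counts["unparsed"] += 1
    return counts


# Constructed sample data: deterministic filler bytes standing in for the wrapped keys.
SAMPLE_LOCAL_STATE = json.dumps({"os_crypt": {
    "encrypted_key": base64.b64encode(DPAPI_KEY_PREFIX + bytes(range(40))).decode(),
    "app_bound_encrypted_key": base64.b64encode(APPB_KEY_PREFIX + bytes(range(40, 100))).decode(),
}})
# A profile written before ABE existed carries only the DPAPI-wrapped key.
SAMPLE_LEGACY_ONLY_STATE = json.dumps({"os_crypt": {
    "encrypted_key": base64.b64encode(DPAPI_KEY_PREFIX + bytes(range(40))).decode(),
}})
# Constructed cookie rows: zeroed nonce and tag, readable placeholder ciphertext.
SAMPLE_COOKIE_BLOBS = [
    V10 + bytes(NONCE_LEN) + b"legacy-cookie-ct" + bytes(TAG_LEN),
    V20 + bytes(NONCE_LEN) + b"abe-cookie-ct" + bytes(TAG_LEN),
    V20 + bytes(NONCE_LEN) + b"another-abe-ct" + bytes(TAG_LEN),
    b"v99" + bytes(40),  # unknown version: flagged rather than guessed at
]

if __name__ == "__main__":
    print(inspect_local_state(SAMPLE_LOCAL_STATE))
    print(summarize_cookies(SAMPLE_COOKIE_BLOBS))
```

A v20 value cannot be recovered with the user's DPAPI alone; recovering it requires the elevation service to release the app-bound key, which is exactly the property the bypasses described above defeat. Point the two functions at a real profile's Local State and Cookies database (the latter read with sqlite3) to see how much of a user's session material is still sitting behind the weaker v10 protection.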

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Clínic De Barcelona (company)
  • Sun Pharmaceuticals (company)
  • MOVEit Transfer (company)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-94 - Code Injection (cwe)
  • Financial (industry)
  • Healthcare (industry)
  • Amadey (malware)
  • Emotet (malware)
  • IcedID (malware)
  • Lumar (malware)
  • Lumma (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1555.003 - Credentials From Web Browsers (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Brave (platform)
  • Linux (platform)
  • MacOS (platform)
  • Microsoft Edge (platform)
  • Opera (platform)
  • Google Chrome (tool)
  • Chrome-App-Bound-Encryption-Decryption (tool)
  • Alphv/Blackcat (ransomware_group)
  • MOVEit Transfer Vulnerability (vulnerability)