A clever new infostealer malware is able to easily bypass Google Chrome cookie encryption
Google’s Application-Bound encryption is broken once again.
Researchers discover Glove Stealer, a new infostealerIt can bypass Google’s cookie encryption mechanism, introduced last summerGlove Stealer can grab cookies, passwords, and information from add-ons and extensions
Another infostealer able to bypass Google’s Application-Bound (App-Bound) encryption for Chrome, and steal sensitive information from the browser has been discovered.
Researchers at Gen Digital recently found a “relatively simple” infostealer malware the named Glove Stealer that comes with “minimal obfuscation and protection mechanisms”.
This .NET malware is being distributed through the ClickFix infection chain (a fake virus detection popup), and is capable of grabbing plenty of information from Chromium-based browsers (Chrome, Edge, Brave, Opera, and others).
Glove Stealer
The information Glove can grab includes cookies, cryptocurrency wallet information (through browser extensions), 2FA session tokens from Google, Microsoft, and others, password data from Bitwarden, LastPass, KeePass, and more.
“Other than stealing private data from browsers, it also tries to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications,” researchers said, according to BleepingComputer. “These extensions and applications typically involve cryptocurrency wallets, 2FA authenticators, password managers, email clients and others.”
In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature which looked to ensure sensitive data stored by websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information like authentication tokens or personal data.
However, mere weeks after it was introduced, multiple hackers already claimed to have beaten the feature, introducing bypasses to MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC. At the time, Google said it wasn’t too surprised, or disappointed, by the end result, stating that it forced cybercriminals to change their pattern of behavior into something more predictable.
Via BleepingComputer
You might also like
Google Chrome tried to block infostealer malware — but these hackers say they’ve already beaten itHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now