As reported by HackRead, a new threat known as Storm infostealer has emerged, capable of bypassing Google Chrome's encryption to steal sensitive user data, including cryptocurrency wallet information and private account credentials.Discovered by Varonis Threat Labs, Storm infostealer operates as a malicious subscription service, targeting multiple browsers like Chrome, Edge, Firefox, and Waterfox. It employs server-side decryption to exfiltrate browser credentials and session cookies without leaving detectable telemetry, thus evading antivirus software. This technique directly counters Google's App-Bound Encryption introduced in Chrome 127.The service is sold to criminal teams, with prices starting at $300 for a seven-day demo. Storm infostealer can hijack active sessions, rendering multi-factor authentication ineffective. Logs indicate victims in India, Brazil, the United States, and the United Kingdom. It also targets messaging apps like Telegram and Discord, and crypto exchanges such as Binance and Coinbase, even capturing screenshots.Source: HackRead
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




