Malware can bypass Chrome’s recently introduced cookie and password theft protection

marry 25.09.2024, 12:30 PM

Infostealer malware developers claim that Chrome's recently introduced App-Bound Encryption feature, which is supposed to protect sensitive data such as cookies, can be bypassed. App-Bound Encryption was introduced in early August in Chrome 127 and is intended to protect cookies and passwords stored in the browser.

This feature is meant to prevent malware running with the permissions of the logged-in user from stealing sensitive data stored in the Chrome browser.

To bypass this protection, the malware needs system privileges or code injection into Chrome, but these are “noisy” actions that are likely to trigger warnings from security tools, said Will Harris of the Chrome security team.

However, several infostealer developers (MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar Stealer, StealC) boast on forums that they have implemented a feature in their malware that bypasses this Chrome protection, and it seems that the claims of at least some of them have been confirmed by security researchers.

One of them confirmed to BleepingComputer that the latest variant of Lumma Stealer can bypass the encryption feature in Chrome 129, the current latest version of the browser, on Windows 10 Pro.

Lumar's developers responded to App-Bound Encryption by first implementing a workaround that required running the malware with administrator rights, but followed up with a bypass mechanism that works with logged-in user privileges.

How exactly the bypass of App-Bound Encryption is achieved is currently unclear, but the authors of the Rhadamanthys malware commented that it took them 10 minutes to solve the encryption problem.

Google has not yet commented on these allegations.

Source: www.informacija.rs