New Information Stealing Malware Bypasses Google Chrome’s App-Bound Encryption

Security experts are alerting users about a new information-stealing malware called Glove Stealer that can bypass Chrome's App-Bound Encryption.

The threat actors' goal is to steal browser cookies. The malware is simple and uses little obfuscation, which suggests it is still in an early stage of development.

The threat actors rely on social engineering similar to that seen in the ClickFix infection chain, where users are tricked into downloading malware through fake error windows displayed inside HTML files attached to phishing emails.

The malware extracts and exfiltrates cookies from the Chrome, Brave, Opera, and Edge browsers. It can also steal cryptocurrency wallets held in browser extensions, 2FA session tokens from authenticator apps, and passwords stored in password managers and other applications.

The bypass relies on the most basic of the cookie-stealing techniques first observed in July: it uses Chrome's own Windows service to decrypt and retrieve the App-Bound encryption keys.

It all sounds impressive on paper, but experts agree that the malware is too early in its development to cause serious damage. Most info stealers adopted this cookie-stealing technique long ago.

Today there are already several information-stealing malware operations that bypass Google Chrome's latest security feature to steal and decrypt cookies. The experts' verdict is that Glove Stealer has yet to make a significant dent in the crowded field of info-theft malware campaigns.

Attacks have been on the rise since the start of July, when Google first rolled out App-Bound Encryption, with victims targeted through vulnerable drivers, malvertising, and zero-day vulnerabilities.

Image: DIW-AIgen
