Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

A clever new infostealer malware is able to easily bypass Google Chrome cookie encryption

Google Chrome.

  • Researchers discover Glove Stealer, a new infostealer
  • It can bypass Google's cookie encryption mechanism, introduced last summer
  • Glove Stealer can grab cookies, passwords, and information from add-ons and extensions

Another infostealer able to bypass Google’s Application-Bound (App-Bound) encryption for Chrome, and steal sensitive information from the browser has been discovered.

Researchers at Gen Digital recently found a “relatively simple” infostealer malware the named Glove Stealer that comes with “minimal obfuscation and protection mechanisms”.

This .NET malware is being distributed through the ClickFix infection chain (a fake virus detection popup), and is capable of grabbing plenty of information from Chromium-based browsers (Chrome, Edge, Brave, Opera, and others).

Glove Stealer

The information Glove can grab includes cookies, cryptocurrency wallet information (through browser extensions), 2FA session tokens from Google, Microsoft, and others, password data from Bitwarden, LastPass, KeePass, and more.

"Other than stealing private data from browsers, it also tries to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications," researchers said, according to BleepingComputer. "These extensions and applications typically involve cryptocurrency wallets, 2FA authenticators, password managers, email clients and others."

In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature which looked to ensure sensitive data stored by websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information like authentication tokens or personal data.

However, mere weeks after it was introduced, multiple hackers already claimed to have beaten the feature, introducing bypasses to MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC. At the time, Google said it wasn’t too surprised, or disappointed, by the end result, stating that it forced cybercriminals to change their pattern of behavior into something more predictable.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.