A clever new infostealer malware is able to easily bypass Google Chrome cookie encryption
Glove Stealer apparently able to bypass Chrome's cookie protection
- Researchers discover Glove Stealer, a new infostealer
- It can bypass Google's cookie encryption mechanism, introduced last summer
- Glove Stealer can grab cookies, passwords, and information from add-ons and extensions
Another infostealer able to bypass Google’s Application-Bound (App-Bound) encryption for Chrome and steal sensitive information from the browser has been discovered.
Researchers at Gen Digital recently found a “relatively simple” infostealer malware they named Glove Stealer that comes with “minimal obfuscation and protection mechanisms”.
This .NET malware is being distributed through the ClickFix infection chain (a fake virus detection popup), and is capable of grabbing plenty of information from Chromium-based browsers (Chrome, Edge, Brave, Opera, and others).
Glove Stealer
The information Glove can grab includes cookies, cryptocurrency wallet information (through browser extensions), 2FA session tokens from Google, Microsoft, and others, password data from Bitwarden, LastPass, KeePass, and more.
"Other than stealing private data from browsers, it also tries to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications," researchers said, according to BleepingComputer. "These extensions and applications typically involve cryptocurrency wallets, 2FA authenticators, password managers, email clients and others."
In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature which looked to ensure sensitive data stored by websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information like authentication tokens or personal data.
However, mere weeks after it was introduced, multiple hackers already claimed to have beaten the feature, introducing bypasses to MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC. At the time, Google said it wasn’t too surprised, or disappointed, by the end result, stating that it forced cybercriminals to change their pattern of behavior into something more predictable.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.