Google’s attempt to block infostealer malware grabbing data stored in its Chrome browser seems to have been short-lived, with multiple variants claiming to have already successfully bypassed it.
In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature which looked to ensure sensitive data stored by websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information like authentication tokens or personal data.
Now, mere months after it was introduced, the protection mechanism has already been cracked by some of the most popular infostealers out there, BleepingComputer reports, claiming the likes of MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC have all introduced some form of bypass.
Prioritizing impact
Some of the upgrades are also confirmed to be working with Chrome 129, the newest version of the browser available at press time.
"We are aware of the disruption that this new defense has caused to the infostealer landscape and, as we stated in the blog, we expect this protection to cause a shift in attacker behavior to more observables technique such as injection or memory scraping," a Google spokesperson told TechRadar Pro.
"This matches the new behavior we have seen. We continue to work with OS and AV vendors to try and more reliably detect these new types of attacks, as well as continuing to iterate on hardening defenses to improve protection against infostealers for our users."
“Added a new method of collecting Chrome cookies,” Lumma’s developers allegedly told its customers recently. “The new method does not require admin rights and/or restart, which simplifies the crypt build and reduces the chances of detection, and thus increase the knock rate.”
Exfiltrating information from browsers is a key feature for most prominent infostealers out there. Many people save things like passwords, or payment data, inside their browsers for convenience and quick access. Many also use cryptocurrency wallet add-ons for their browsers, as well. By stealing cookies, crooks are even able to log into services protected by multi-factor authentication (MFA). All of this makes browsers one of the most important targets during data theft.
More from TechRadar Pro
- This new phishing attack uses a sneaky infostealer to cause maximum damage
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now