September 24, 2024 at 01:35PM
Infostealer malware developers claim to have bypassed Google Chrome's App-Bound Encryption, a feature intended to protect sensitive data such as cookies. Although the model is designed to stop infostealers from lifting secrets stored by Chrome, security researchers have observed multiple developers boasting about working bypasses, and the latest tests confirm that some malware variants can defeat the encryption in Chrome 129.
The report states that infostealer developers claim to bypass Google Chrome's App-Bound Encryption in order to steal sensitive data such as cookies. Although the feature is designed to encrypt cookies and stored passwords using a Windows service running with SYSTEM privileges, malware such as Lumma Stealer has reportedly bypassed it in the latest Chrome release, version 129. The developers have implemented the bypass in different ways, some requiring admin rights and others injecting code. The Rhadamanthys authors' claim that reversing the encryption took only 10 minutes further raises concerns about the protection's effectiveness. BleepingComputer has reached out to Google for comment, but a response is pending.