Cookie hunt: infostealers have learned to bypass encryption in Chrome 127

Digital thieves are celebrating their victory over a new security feature.

Developers of popular infostealers have told customers that they have learned how to bypass Chrome's App-Bound Encryption feature and collect authentication cookies that were previously returned encrypted.

The feature was added to Chrome 127 in July and is designed to encrypt data so that it is bound to the browser's process. Such data can only be decrypted from an administrator account. Malware developers have been actively looking for ways past this barrier over the past two months: some injected malicious code directly into the Chrome process, others exploited privilege escalation vulnerabilities to gain administrator privileges. Now the Lumar, Lumma, Meduza, Vidar, and WhiteSnake infostealers have new bypass capabilities.

Google understood that App-Bound Encryption was not a panacea and that attackers would eventually find ways to bypass it. The company implemented it anyway, knowing that attempts to circumvent it would make the actions of infostealers more visible to antivirus software. As Google explains, "Because the App-Bound service works with system privileges, hackers need to do more than just get the user to run a malicious application. The malware now has to gain system privileges or inject code into Chrome, making their actions more suspicious to antivirus software and increasing the likelihood of detection".

Over the past month, infostealers have been used more and more to break into networks and distribute ransomware, which has pushed Google's security team to pay more attention to protecting data in the browser. While App-Bound Encryption currently covers only cookies, the company plans to extend it to passwords, payment data, and other authentication tokens stored in Chrome.

In addition, Google is developing another security feature, Device Bound Session Credentials (DBSC), which will be tested by the end of the year and will use cryptographic keys tied to the user's device to protect passwords and cookie data.

The new security feature is expected to be supported on about half of all Chrome desktop devices and will be fully aligned with Chrome's phase-out of third-party cookies. Chrome said that once fully implemented, consumers and enterprise users will automatically receive improved security for their Google accounts.
