Infostealer malware bypasses Chrome’s new cookie-theft defenses

Gandalf_The_Grey

Infostealer malware developers released updates claiming to bypass Google Chrome’s recently introduced feature App-Bound Encryption to protect sensitive data such as cookies.

App-Bound Encryption was introduced in Chrome 127 and is designed to encrypt cookies and stored passwords using a Windows service that runs with system privileges.

This model does not allow infostealer malware, which runs with the permissions of the logged user, to steal secrets stored in Chrome browser.

To bypass this protection, the malware would need system privileges or to inject code into Chrome, both noisy actions that are likely to trigger warnings from security tools, said Will Harris of the Chrome security team.

However, security researchers g0njxa and also RussianPanda9xx observed multiple infostealer developers boasting that they have implemented a working bypass for their tools (MeduzaStealer, Whitesnake, Lumma Stealer, Lumar (PovertyStealer), Vidar Stealer, StealC).

It appears that at least some of the claims are real, as g0njxa confirmed for BleepingComputer that the latest variant of Lumma Stealer can bypass the encryption feature in Chrome 129, currently the most recent version of the browser.