Malware Circumvents Google Chrome’s App-Specific Encryption


Advanced Malware Discovered Bypassing Chrome’s App-Bound Encryption

Researchers at Cyble have documented a malware campaign that defeats Google Chrome's App-Bound Encryption, the protection Chrome introduced to keep infostealers from reading saved cookies off disk. The findings, published in a blog post this week, show that the malware can lift session cookies and stored credentials, and with them take over the accounts those secrets protect.

The lure relies on two layers of disguise. A ZIP archive carries a malicious LNK shortcut dressed up as a PDF, and the shortcut in turn fetches a malicious MSBuild XML project file that has been given a PNG extension, so neither file looks like something that would execute when the victim opens it.

From that point the chain is fileless. The shortcut hands the project file to the Microsoft Build Engine (MSBuild.exe), which compiles and runs the embedded C# code in memory instead of dropping an executable, and a scheduled task is created so the stage is re-launched after a reboot, according to the researchers. A double injection technique, process injection followed by reflective DLL injection, then moves the final payload into a legitimate process, so the decrypted payload is never written to disk as a file that an on-access scanner could inspect.

The campaign targets organizations in Vietnam, particularly in the telemarketing and sales sectors. Command and control runs over the Telegram Web API, which lets the operator switch channels on the fly. Over that channel the malware carries out its data theft, including bypassing Chrome App-Bound Encryption to extract cookies and login credentials. The post does not spell out the bypass method; App-Bound Encryption keeps the cookie key behind a Chrome-owned Windows service that releases it only to a caller it recognizes as Chrome, so a stealer either operates from inside a Chrome process or impersonates one when asking that service, which makes injection into chrome.exe and unexpected clients of that service the telemetry worth watching.
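Two triage checks that follow from the chain described above, written here as an added example (this is not Cyble's code and not taken from the report): one inspects a ZIP for shortcut files whose names read as documents, the other parses an MSBuild project file for an inline C# task and for Telegram API strings inside it. The ZIP, the project file and the file names are constructed samples; the factory names `CodeTaskFactory` and `RoslynCodeTaskFactory` are MSBuild's real inline-task factories, and the document-extension list used for the masquerade heuristic is an assumption.

```python
"""Triage helpers for a ZIP-delivered LNK lure and an MSBuild inline-task loader.
Added example; samples below are constructed, not captured from the campaign."""
import io
import re
import struct
import zipfile
import xml.etree.ElementTree as ET

# Windows Shell Link header: HeaderSize 0x4C followed by the ShellLink CLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk (mixed-endian) layout.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000C000000000000046")
PDF_MAGIC = b"%PDF-"

# Extensions an attacker would pick so the name reads as a document once
# Explorer hides the trailing ".lnk" (assumed list, extend as needed).
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".png", ".jpg")

# MSBuild task factories that compile and run C# source at build time.
INLINE_TASK_FACTORIES = {"CodeTaskFactory", "RoslynCodeTaskFactory"}
TELEGRAM_API = re.compile(r"api\.telegram\.org/bot", re.I)


def suspicious_zip_entries(zip_bytes: bytes) -> list:
    """Flag members that are LNK files, or that claim to be PDFs but are not."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(32)
            name = info.filename.lower()
            if head.startswith(LNK_MAGIC):
                # "Invoice.pdf.lnk" shows as "Invoice.pdf" with the default
                # NeverShowExt handling for shortcuts.
                masquerade = name.endswith(".lnk") and any(ext in name for ext in DOC_EXTS)
                findings.append({"name": info.filename, "is_lnk": True, "masquerade": masquerade})
            elif name.endswith(".pdf") and not head.startswith(PDF_MAGIC):
                findings.append({"name": info.filename, "is_lnk": False, "masquerade": True})
    return findings


def _local(tag: str) -> str:
    """Strip the XML namespace so 2003-style and SDK-style projects parse alike."""
    return tag.split("}", 1)[-1]


def inspect_msbuild_project(xml_text: str) -> dict:
    """Return indicators that a project file carries an inline C# task and C2 strings."""
    root = ET.fromstring(xml_text)
    factories, code_blobs = [], []
    for el in root.iter():
        if _local(el.tag) == "UsingTask":
            factories.append(el.get("TaskFactory", ""))
        elif _local(el.tag) == "Code":
            code_blobs.append(el.text or "")
    code = "\n".join(code_blobs)
    return {
        "inline_task": any(f in INLINE_TASK_FACTORIES for f in factories),
        "has_code": bool(code.strip()),
        "telegram_c2": bool(TELEGRAM_API.search(code)),
        "schtasks": "schtasks" in code.lower() or "TaskScheduler" in code,
    }


def build_sample_zip() -> bytes:
    """Constructed lure: a shortcut whose name reads as a PDF, plus a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2024.pdf.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("readme.txt", b"see attached invoice")
    return buf.getvalue()


# Constructed project file in the shape an MSBuild inline-task loader takes;
# the C# body is a stand-in and the bot token is a placeholder.
SAMPLE_PROJECT = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build">
    <Run />
  </Target>
  <UsingTask TaskName="Run" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Class" Language="cs"><![CDATA[
        public class Run : Microsoft.Build.Utilities.Task {
          public override bool Execute() {
            var c2 = "https://api.telegram.org/bot<TOKEN>/getUpdates";
            return true;
          }
        }
      ]]></Code>
    </Task>
  </UsingTask>
</Project>"""


if __name__ == "__main__":
    print(suspicious_zip_entries(build_sample_zip()))
    print(inspect_msbuild_project(SAMPLE_PROJECT))
```

The ZIP check keys on the file header rather than the extension, so a shortcut renamed to `.pdf` outright is caught by the second branch, and a double-extension name is reported as a masquerade. The project check is deliberately narrow: any `UsingTask` with an inline-code factory is worth a look on a host where developers do not build with MSBuild, and a Telegram bot URL inside the `<Code>` block is the C2 indicator this campaign would show.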

Cyble advises user awareness training, strict filtering of email attachments (archives that carry LNK files in particular), and application allowlisting, which should cover MSBuild.exe and other living-off-the-land binaries so they cannot be launched from user-controlled paths. The full analysis covers the infection chain and mitigations in detail.
