Malware Circumvents Google Chrome’s App-Specific Encryption

Resources
Malware Circumvents Google Chrome’s App-Specific Encryption

Published:

Written by: Staff Editor
spot_img

Advanced Malware Discovered Bypassing Chrome’s App-Bound Encryption

Emerging Malware Threat Bypasses Chrome’s App-Bound Encryption

In a groundbreaking discovery, researchers from Cyble have unveiled a sophisticated malware attack that ingeniously circumvents Google Chrome’s App-Bound Encryption, a security measure designed to protect user cookies from infostealer malware. The recent findings, detailed in a blog post this week, reveal that this advanced threat could potentially compromise user accounts and sensitive information.

The attack employs dual injection techniques, cunningly disguising malicious files to evade detection. Cyble’s analysis highlights that attackers hide a malicious LNK file within a ZIP file designed to look like a PDF. Additionally, they manipulate a malicious XML project file to appear as a harmless PNG image, tricking unsuspecting users into executing the payload.

Central to the malware’s effectiveness is its ability to leverage fileless execution and scheduled task persistence. Once activated, the malware utilizes Microsoft Build Engine (MSBuild.exe) to deploy harmful C# code directly in memory, making detection incredibly challenging, according to the researchers. Notably, the double injection technique—combining Process Injection and Reflective DLL Injection—allows the malware to operate stealthily without leaving traces on the disk.

Targeting organizations in Vietnam, particularly in the telemarketing and sales sectors, the malware uses the Telegram Web API for command and control, enabling the threat actor to dynamically change communication channels. This connection allows for a range of malicious activities, including bypassing Chrome App-Bound Encryption to steal sensitive data, including cookies and login credentials.

Cyble advises organizations to implement robust security measures, including user training, strict email attachment filtering, and application whitelisting, to mitigate risks associated with this sophisticated threat. The full analysis contains vital insights into the malware’s infection chain and mitigation strategies, underscoring the imperative for enhanced digital vigilance.

spot_img

Related articles

Recent articles

Fraudulent Recruiter Emails Target CFOs Worldwide Using Legitimate NetBird Tool

Global
New Spear-Phishing Campaign Targets Financial Executives Overview of the Threat Recent findings from cybersecurity experts have revealed a sophisticated spear-phishing campaign targeting Chief Financial Officers (CFOs)...
Read more

Eid Al Adha 2025: Holiday Announcements for UAE, Saudi Arabia, Qatar, Oman, Kuwait, and Bahrain

Regional
Dates for the 2025 Eid Al Adha Holidays Across the Gulf Cooperation Council (GCC) The dates for the 2025 Eid Al Adha holidays have recently...
Read more

Protect Yourself: Safeguarding Against Scams as Bitcoin’s Value Rises

Global
Navigating the Crypto Landscape: Staying Safe Amidst Scams In late May, Bitcoin achieved an impressive milestone, reaching a value of $174,235. However, with such triumphs...
Read more

Bespin Global’s Mission: Transforming Public Sector Enterprises to the Cloud

Knowledge Hub
Navigating the Cloud: Bespin Global's Vision for Public Sector Transformation In an era where digital solutions are paramount, Bespin Global is emerging as a crucial...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com