Malware Circumvents Google Chrome’s App-Specific Encryption

Advanced Malware Discovered Bypassing Chrome’s App-Bound Encryption

Emerging Malware Threat Bypasses Chrome’s App-Bound Encryption

In a groundbreaking discovery, researchers from Cyble have unveiled a sophisticated malware attack that ingeniously circumvents Google Chrome’s App-Bound Encryption, a security measure designed to protect user cookies from infostealer malware. The recent findings, detailed in a blog post this week, reveal that this advanced threat could potentially compromise user accounts and sensitive information.

The attack chain pairs two injection techniques with disguised delivery files to evade detection. According to Cyble’s analysis, the attackers hide a malicious LNK file inside a ZIP archive made to look like a PDF, and dress up a malicious MSBuild XML project file as a harmless PNG image, tricking unsuspecting users into executing the payload.

Central to the malware’s effectiveness is its use of fileless execution and scheduled-task persistence. Once activated, the malware uses the Microsoft Build Engine (MSBuild.exe) to compile and run C# code directly in memory, which the researchers say makes detection incredibly challenging. The double injection technique, combining Process Injection and Reflective DLL Injection, lets the malware operate stealthily without leaving traces on disk.
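As an added illustration for defenders (not code from Cyble or from this article), the following Python triage runs over constructed Sysmon-style telemetry and flags the two tells in the chain described above: MSBuild.exe being handed a file that is not a build project (the PNG-disguised XML project) and a shortcut carrying a document extension dropped into a temp or archive-extraction folder (the LNK posing as a PDF). The event field names, the user-writable path markers and the double-extension naming are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extensions MSBuild legitimately builds; anything else handed to it (the report describes a PNG) deserves a look.
BUILD_EXT = {".csproj", ".vbproj", ".fsproj", ".proj", ".sln", ".targets", ".props"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")   # assumption: typical drop/extraction paths

def _args(cmdline):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def check_process(ev):
    """Flag MSBuild.exe launched on a non-project file, or on a project sitting in a user-writable path."""
    if PureWindowsPath(ev["image"]).name.lower() != "msbuild.exe":
        return None
    for tok in _args(ev["cmdline"])[1:]:
        if tok[:1] in ("/", "-"):
            continue                      # switches such as /t:Build or /nologo
        p = PureWindowsPath(tok)
        if p.suffix.lower() not in BUILD_EXT:
            return f"MSBuild given non-project file {p.name}"
        if any(m in tok.lower() for m in USER_WRITABLE):
            return f"MSBuild project {p.name} loaded from a user-writable path"
    return None

def check_file(ev):
    """Flag a .lnk written under a temp/extraction path whose name carries a document extension."""
    p = PureWindowsPath(ev["path"])
    if p.suffix.lower() != ".lnk":
        return None
    inner = PureWindowsPath(p.stem).suffix.lower()   # "Invoice.pdf.lnk" -> ".pdf"
    if inner in DOC_EXT and any(m in ev["path"].lower() for m in USER_WRITABLE):
        return f"shortcut {p.name} masquerading as a {inner} document"
    return None

def triage(events):
    """Return (event id, reason) for every event a rule fires on."""
    verdicts = ((ev["id"], check_process(ev) if ev["kind"] == "process" else check_file(ev)) for ev in events)
    return [(i, r) for i, r in verdicts if r]

# Constructed sample telemetry (Sysmon-style process/file events), not taken from the Cyble report.
MSB = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
SAMPLE = [
    {"id": 1, "kind": "process", "image": MSB, "cmdline": r'MSBuild.exe "C:\Users\u\AppData\Local\Temp\photo.png"'},
    {"id": 2, "kind": "process", "image": MSB, "cmdline": r'MSBuild.exe "D:\src\app\app.csproj" /t:Build /nologo'},
    {"id": 3, "kind": "file", "path": r"C:\Users\u\AppData\Local\Temp\Temp1_report.zip\Invoice.pdf.lnk"},
    {"id": 4, "kind": "file", "path": r"C:\Users\u\Desktop\Invoice.pdf"},
]
```

Running `triage(SAMPLE)` fires on events 1 and 3 only; a genuine build of a .csproj from a source tree and a plain PDF on the desktop pass through untouched.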

Targeting organizations in Vietnam, particularly in the telemarketing and sales sectors, the malware uses the Telegram Web API for command and control, which lets the threat actor switch communication channels dynamically. Over that channel the operator can carry out a range of malicious activities, including bypassing Chrome’s App-Bound Encryption to steal sensitive data such as cookies and login credentials.

Cyble advises organizations to implement robust security measures, including user training, strict email attachment filtering, and application whitelisting, to mitigate risks associated with this sophisticated threat. The full analysis contains vital insights into the malware’s infection chain and mitigation strategies, underscoring the imperative for enhanced digital vigilance.
