Malware Circumvents Google Chrome’s App-Specific Encryption

Resources
Malware Circumvents Google Chrome’s App-Specific Encryption

Published:

Written by: Staff Editor
spot_img

Advanced Malware Discovered Bypassing Chrome’s App-Bound Encryption

Emerging Malware Threat Bypasses Chrome’s App-Bound Encryption

In a groundbreaking discovery, researchers from Cyble have unveiled a sophisticated malware attack that ingeniously circumvents Google Chrome’s App-Bound Encryption, a security measure designed to protect user cookies from infostealer malware. The recent findings, detailed in a blog post this week, reveal that this advanced threat could potentially compromise user accounts and sensitive information.

The attack employs dual injection techniques, cunningly disguising malicious files to evade detection. Cyble’s analysis highlights that attackers hide a malicious LNK file within a ZIP file designed to look like a PDF. Additionally, they manipulate a malicious XML project file to appear as a harmless PNG image, tricking unsuspecting users into executing the payload.

Central to the malware’s effectiveness is its ability to leverage fileless execution and scheduled task persistence. Once activated, the malware utilizes Microsoft Build Engine (MSBuild.exe) to deploy harmful C# code directly in memory, making detection incredibly challenging, according to the researchers. Notably, the double injection technique—combining Process Injection and Reflective DLL Injection—allows the malware to operate stealthily without leaving traces on the disk.

Targeting organizations in Vietnam, particularly in the telemarketing and sales sectors, the malware uses the Telegram Web API for command and control, enabling the threat actor to dynamically change communication channels. This connection allows for a range of malicious activities, including bypassing Chrome App-Bound Encryption to steal sensitive data, including cookies and login credentials.

Cyble advises organizations to implement robust security measures, including user training, strict email attachment filtering, and application whitelisting, to mitigate risks associated with this sophisticated threat. The full analysis contains vital insights into the malware’s infection chain and mitigation strategies, underscoring the imperative for enhanced digital vigilance.

spot_img

Related articles

Recent articles

Melbourne Hospitals Hit by Cyberattacks, Patient Data Compromised on Dark Web

Dark Watch
Concerns Rise as Patient Data Security is Compromised Shocking Breaches in Healthcare Data Security A patient is voicing concerns after discovering that a hacker may have...
Read more

Citrix Bleed 2: Token Theft Vulnerability and SAP GUI Flaws Endanger Sensitive Data

Global
Recent SAP GUI Vulnerabilities Highlight Data Security Concerns Cybersecurity researchers have identified significant vulnerabilities in the SAP Graphical User Interface (GUI) that pose risks to...
Read more

Suprema Unveils Innovative Access Control Solutions for Enhanced Security and Flexibility

Knowledge Hub
Suprema Unveils Innovative Access Control Solutions In an era where security is paramount, Suprema has taken a significant stride forward with the introduction of its...
Read more

Cybersecurity Experts Reveal Key Threats and Challenges in Latest Report

Regional
Key Insights from the 2025 Cybersecurity Assessment Report Bitdefender, a prominent player in global cybersecurity, recently unveiled its 2025 Cybersecurity Assessment Report. This comprehensive document...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com