Advanced Malware Discovered Bypassing Chrome’s App-Bound Encryption
Emerging Malware Threat Bypasses Chrome’s App-Bound Encryption
Researchers at Cyble have documented a malware campaign that gets past Google Chrome's App-Bound Encryption, the protection Chrome added so that cookie encryption keys are bound to the browser's own identity through a SYSTEM-privileged service, putting them out of reach of an infostealer running with only the logged-in user's rights. The findings, detailed in a Cyble blog post this week, show a chain that can end in stolen sessions, account takeover and exposure of sensitive data.
The delivery stage relies on file disguise rather than any exploit. Cyble's analysis describes a malicious LNK shortcut delivered inside a ZIP archive and passed off as a PDF, and an XML project file renamed to look like a harmless PNG image. Neither disguise changes how Windows or MSBuild treats the file; it only changes what the user sees before executing the payload.
Two properties make the chain hard to catch: the payload runs filelessly, and persistence comes from a scheduled task. Once activated, the malware hands the project file to Microsoft Build Engine (MSBuild.exe), a Microsoft-signed binary that will compile and execute inline C# task code from any file it is given regardless of extension, so the malicious code runs in memory under a trusted process. The researchers describe a double injection, process injection followed by reflective DLL injection, that moves the final stage into another process without writing its DLL to disk. "No traces on disk" should be read narrowly: the ZIP, the LNK, the renamed project file and the scheduled task definition are all on disk, and they are exactly what a hunt should look for.
The campaign targets organizations in Vietnam, particularly in the telemarketing and sales sectors. Command and control runs over the Telegram Web API, which lets the operator change communication channels at will simply by switching bot or chat, while the traffic itself is ordinary HTTPS to api.telegram.org. Over that channel the stealer exfiltrates sensitive data, including cookies and login credentials, after bypassing Chrome's App-Bound Encryption. One caveat for defenders: Google's design for App-Bound Encryption explicitly anticipated that an attacker who can obtain SYSTEM privileges or inject code into Chrome could still reach the key; the goal was to force stealers onto those noisier paths, so the injection steps in this chain are also its best detection opportunities.
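The paragraphs above describe four observable behaviours: MSBuild.exe building a file that is not a real project, MSBuild.exe being relaunched by the Task Scheduler, a non-Chrome process opening or threading into chrome.exe, and a non-browser process talking to the Telegram Bot API. The following is an added example of hunt rules for those behaviours, written over Sysmon-style events; it is not code from Cyble or the original post. The Sysmon field names (Image, CommandLine, ParentCommandLine, SourceImage, TargetImage, GrantedAccess, DestinationHostname) follow Sysmon's schema, while the sample events, paths and thresholds are constructed for illustration.

```python
import ntpath
import shlex

# MSBuild builds whatever file it is handed, so a non-project extension
# (.png) or a project under a user-writable directory is a strong signal.
PROJECT_EXTS = {".proj", ".csproj", ".vbproj", ".vcxproj", ".fsproj", ".sln"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}
INJECT_MASK = 0x0002 | 0x0008 | 0x0020   # CREATE_THREAD | VM_OPERATION | VM_WRITE


def base(path):
    """Lower-cased file name of a Windows path ('' if missing)."""
    return ntpath.basename(path or "").lower()


def project_args(cmdline):
    """Non-switch arguments of an MSBuild command line, quotes stripped."""
    toks = shlex.split(cmdline or "", posix=False)[1:]
    return [t.strip('"') for t in toks if not t.startswith(("/", "-"))]


def rule_msbuild_odd_project(ev):
    """Sysmon 1: MSBuild.exe handed a non-project or user-writable file."""
    if ev.get("EventID") != 1 or base(ev.get("Image")) != "msbuild.exe":
        return None
    for arg in project_args(ev.get("CommandLine")):
        ext = ntpath.splitext(arg)[1].lower()
        if ext not in PROJECT_EXTS or any(d in arg.lower() for d in USER_WRITABLE):
            return "msbuild_odd_project"
    return None


def rule_msbuild_from_scheduler(ev):
    """Sysmon 1: MSBuild.exe started by the Task Scheduler host (persistence)."""
    if ev.get("EventID") != 1 or base(ev.get("Image")) != "msbuild.exe":
        return None
    if (base(ev.get("ParentImage")) == "svchost.exe"
            and "-s schedule" in (ev.get("ParentCommandLine") or "").lower()):
        return "msbuild_from_scheduler"
    return None


def rule_chrome_injection(ev):
    """Sysmon 10/8: a non-Chrome process opens chrome.exe with write/thread
    rights or creates a remote thread in it, the observable path that
    App-Bound Encryption was designed to force a stealer onto."""
    if ev.get("EventID") not in (8, 10) or base(ev.get("TargetImage")) != "chrome.exe":
        return None
    if base(ev.get("SourceImage")) == "chrome.exe":
        return None  # Chrome opens its own child processes constantly
    if ev["EventID"] == 8:
        return "chrome_remote_thread"
    if int(ev.get("GrantedAccess", "0x0"), 16) & INJECT_MASK:
        return "chrome_injection_handle"
    return None


def rule_telegram_c2(ev):
    """Sysmon 3: neither a browser nor the Telegram client, yet reaching the Bot API."""
    if ev.get("EventID") != 3:
        return None
    if ((ev.get("DestinationHostname") or "").lower() == "api.telegram.org"
            and base(ev.get("Image")) not in BROWSERS):
        return "telegram_api_from_non_browser"
    return None


RULES = (rule_msbuild_odd_project, rule_msbuild_from_scheduler,
         rule_chrome_injection, rule_telegram_c2)


def hunt(events):
    """Return [(RecordId, rule_name), ...] for every rule that fires."""
    hits = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append((ev["RecordId"], name))
    return hits


# Constructed sample telemetry (Sysmon field names, made-up values).
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
LURE = r"C:\Users\alice\AppData\Local\Temp\invoice.png"
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 1, "Image": MSBUILD, "CommandLine": f'"{MSBUILD}" "{LURE}"',
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"RecordId": 2, "EventID": 1, "Image": MSBUILD, "CommandLine": f'"{MSBUILD}" "{LURE}"',
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "ParentCommandLine": r"C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule"},
    {"RecordId": 3, "EventID": 1, "Image": MSBUILD,  # benign developer build
     "CommandLine": rf'"{MSBUILD}" /t:Build "C:\src\app\app.csproj"',
     "ParentImage": r"C:\VS\devenv.exe", "ParentCommandLine": "devenv.exe"},
    {"RecordId": 4, "EventID": 10, "SourceImage": MSBUILD, "TargetImage": CHROME,
     "GrantedAccess": "0x1FFFFF"},
    {"RecordId": 5, "EventID": 10, "SourceImage": CHROME, "TargetImage": CHROME,
     "GrantedAccess": "0x1FFFFF"},  # Chrome opening Chrome: expected noise
    {"RecordId": 6, "EventID": 3, "Image": MSBUILD, "DestinationHostname": "api.telegram.org"},
    {"RecordId": 7, "EventID": 3, "Image": CHROME, "DestinationHostname": "api.telegram.org"},
]

if __name__ == "__main__":
    for record_id, rule_name in hunt(SAMPLE_EVENTS):
        print(f"record {record_id}: {rule_name}")
```

Records 1, 2, 4 and 6 fire; records 3, 5 and 7 are the legitimate look-alikes (a developer build, Chrome opening its own renderers, a user on Telegram Web) that the allow-lists exist to suppress. On a real fleet the MSBuild rules need a build-host exclusion, and the Telegram rule is only meaningful where the desktop client is not in use.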
Cyble advises organizations to implement user awareness training, strict email attachment filtering (archives carrying LNK files in particular) and application whitelisting to reduce exposure to this threat. One practical caveat on the last point: MSBuild.exe is signed by Microsoft and passes publisher-based allow-list rules, so it should be blocked or restricted on hosts that do not build software. The full analysis covers the malware's infection chain and mitigation strategies in detail.