Hackers have allegedly found a way to bypass Google’s new security measures designed to protect users from infostealer malware.
Despite the tech giant’s efforts, multiple hackers claim they’ve already cracked the protection, just two months after its introduction.
In July 2024, Google released Chrome 127 with a new feature called App-Bound Encryption.
This feature was supposed to safeguard sensitive data stored in the Chrome browser, such as passwords, cookies, and authentication tokens, by ensuring that only the app that created the data could decrypt it.
The feature was seen as a major step forward in protecting users from infostealers — malicious programs that steal stored data.
However, according to reports, hackers didn’t take long to bypass this new system. Some of the most notorious infostealers, including MeduzaStealer, Whitesnake, Lumma Stealer, Vidar, and StealC, have reportedly implemented methods that allow them to break through Chrome’s new protection.
The developers of these malware strains claim their tools can now access encrypted data stored in Chrome with ease, dealing a blow to Google’s security efforts.
Security Breach in Chrome: Infostealers Strike Back
Infostealers are designed to extract personal information from devices, especially web browsers like Chrome, Firefox, and others.
Many users store their passwords, payment information, and even cryptocurrency wallet data in their browsers for convenience. Unfortunately, these very practices make them prime targets for cybercriminals.
By stealing browser cookies, hackers can potentially access accounts and services even if they are protected by Multi-Factor Authentication (MFA), which is usually seen as a strong security layer, because a stolen session cookie represents a login that has already passed the MFA check.
The threat of such malware has become a significant concern, particularly for those using online banking, payment platforms, and cryptocurrency exchanges.
The developers of Lumma Stealer, one of these malware strains, even bragged about their success in bypassing Chrome’s encryption.
According to their statement, they’ve “added a new method of collecting Chrome cookies” that does not require admin rights or a browser restart.
This development not only simplifies their hacking process but also reduces the risk of detection by antivirus software, allowing hackers to increase their success rate.
Chrome’s Security Measures Under Fire
Chrome 127 was heralded as a big leap for browser security when it launched. The App-Bound Encryption feature was aimed at restricting access to encrypted data to the app that generated it.
This was supposed to make it harder for malware to exfiltrate important information. But it seems that cybercriminals were quick to adapt.
More recent reports suggest that the latest version, Chrome 129, may also be vulnerable to these bypass methods.
Although Google has not yet officially commented on this development, users are urged to remain cautious and take extra measures to protect their data.
How to Stay Safe from Infostealers
With hackers evolving their techniques, here are some essential tips to protect yourself from browser-based infostealers:
- Use Strong, Unique Passwords: Avoid storing passwords in your browser and use a dedicated password manager instead.
- Enable Multi-Factor Authentication (MFA): While not foolproof, MFA adds an extra layer of security to your online accounts.
- Regular Software Updates: Always keep your browser and operating system up to date to stay protected against known vulnerabilities.
- Use Trusted Security Software: Invest in reliable antivirus or anti-malware solutions that can detect and prevent infostealers.
- Limit Extensions: Be cautious with browser extensions, especially those related to financial services or cryptocurrency wallets.
While Chrome’s App-Bound Encryption was a promising addition to browser security, recent developments show that cybercriminals are always looking for new ways to exploit any vulnerabilities.
Google will likely respond to these bypass claims with further updates and improvements to Chrome’s security infrastructure. In the meantime, users must adopt a proactive approach to safeguard their sensitive information.