A clever new infostealer malware can easily bypass Google Chrome’s cookie encryption
  • Researchers discover Glove Stealer, a new infostealer
  • It can bypass Google’s cookie encryption mechanism, which was introduced last summer
  • Glove Stealer can extract cookies, passwords and information from add-ons and extensions

Another infostealer has been discovered that can bypass Google’s application-specific encryption for Chrome and steal sensitive information from the browser.

Researchers at Gen Digital recently found a “relatively simple” infostealer malware called Glove Stealer, which comes with “minimal obfuscation and protection mechanisms.”

This .NET malware is distributed via the ClickFix infection chain (a fake virus detection pop-up) and can extract a lot of information from Chromium-based browsers (Chrome, Edge, Brave, Opera and others).

The information Glove may collect includes cookies, cryptocurrency wallet information (via browser extensions), 2FA session tokens from Google, Microsoft and others, and password information from Bitwarden, LastPass, KeePass and more.

“In addition to stealing private data from browsers, it also attempts to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications,” the researchers told BleepingComputer. “These extensions and applications typically include cryptocurrency wallets, 2FA authenticators, password managers, email clients, and others.”

In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature intended to ensure that sensitive data stored by websites or web apps could only be accessed by a specific app on a device. It works by encrypting data so that only the app that created it can decrypt it, and was advertised as being particularly useful for protecting information such as authentication tokens or personal data.

However, just weeks after it was introduced, several hackers already claimed to have defeated the feature, adding bypasses to MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC. Google said at the time that it wasn’t too surprised or disappointed by the outcome, stating that the feature forced cybercriminals to change their behavior to something more predictable.

Via BleepingComputer