VoidStealer malware steals Chrome master key via debugger trick
Summary
VoidStealer malware uses a novel method to bypass Chrome's Application-Bound Encryption (ABE) and steal the browser's master key. With that key, the malware can decrypt sensitive user data stored within Chrome, such as passwords, cookies, and autofill information. The attack exploits a debugger trick to access and exfiltrate the critical encryption key.
IFF Assessment
This is bad news for defenders as a new malware strain has found a way to defeat a browser's native encryption, enabling the theft of sensitive user credentials and data.
Defender Context
Defenders should be aware of this new information stealer and its sophisticated technique for compromising browser security. Monitoring for unusual debugger activity or attempts to access browser-protected data can be crucial in detecting and mitigating such threats. This highlights the ongoing cat-and-mouse game between malware authors and browser security features.
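As an added illustration of the monitoring idea above (not code from the original report, and not a description of VoidStealer's internals), the following sketch flags process-access events where an unexpected process opens Chrome with memory read or write rights. The pipe-delimited event format, the allow-list, and the sample events are assumptions constructed for this example.

```python
import ntpath

PROCESS_VM_READ = 0x0010   # Windows access right: read another process's memory
PROCESS_VM_WRITE = 0x0020  # Windows access right: write another process's memory
MEMORY_ACCESS = PROCESS_VM_READ | PROCESS_VM_WRITE

BROWSER_IMAGES = {"chrome.exe"}
# Assumption: processes this environment expects to open Chrome with memory access.
# Matching on file name alone is spoofable; a production rule should also check
# the full path and the code-signing publisher.
ALLOWED_SOURCES = {"chrome.exe", "msmpeng.exe"}

# Constructed sample events: timestamp|source image|target image|granted access
SAMPLE_EVENTS = r"""
2025-01-01T10:00:01Z|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|0x1fffff
2025-01-01T10:00:05Z|C:\Windows\System32\svchost.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|0x1000
2025-01-01T10:02:17Z|C:\Users\alice\AppData\Local\Temp\upd.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|0x1fffff
2025-01-01T10:03:40Z|C:\Users\alice\AppData\Local\Temp\upd.exe|C:\Windows\System32\notepad.exe|0x1fffff
"""

def parse_event(line):
    """Split one constructed event line into a dict with a numeric access mask."""
    ts, source, target, access = line.split("|")
    return {"ts": ts, "source": source, "target": target, "access": int(access, 16)}

def is_suspicious(event):
    """True when a non-allow-listed process holds memory access to a browser."""
    src = ntpath.basename(event["source"]).lower()
    tgt = ntpath.basename(event["target"]).lower()
    if tgt not in BROWSER_IMAGES or src in ALLOWED_SOURCES:
        return False
    # Query-only handles (e.g. 0x1000) carry no memory rights and are ignored.
    return bool(event["access"] & MEMORY_ACCESS)

def find_alerts(raw):
    """Return every suspicious event found in a block of event lines."""
    events = (parse_event(l) for l in raw.splitlines() if l.strip())
    return [e for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"{alert['ts']} {alert['source']} opened Chrome "
              f"with access {alert['access']:#x}")
```
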