Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Summary
A newly discovered infostealer, dubbed VoidStealer, bypasses Chrome's Application-Bound Encryption (ABE) using a novel debugger-based technique. Because the method requires neither privilege escalation nor code injection, it is stealthier than previous ABE bypass methods. VoidStealer aims to steal sensitive browser data such as passwords and cookies.
IFF Assessment
This is bad news for defenders: a new malware strain has found a stealthy way to bypass a significant browser security feature designed to protect user credentials.
Defender Context
This discovery highlights the ongoing cat-and-mouse game between security researchers and malware developers, as new bypass techniques for even robust security measures like ABE continue to emerge. Defenders should be aware of this new threat and monitor for any indicators of compromise related to VoidStealer, especially in environments where sensitive data is accessed via Chrome.