The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
Summary
A new infostealer dubbed 'Storm' has been identified that does not decrypt stolen browser data locally. Instead, it sends this data directly to attacker-controlled servers for decryption, enabling advanced techniques like session hijacking. With a hijacked session, attackers can effectively bypass user passwords and multi-factor authentication (MFA).
IFF Assessment
This is bad news for defenders as it introduces a novel method for session hijacking that can bypass traditional authentication measures like passwords and MFA.
Defender Context
Defenders need to be aware of the 'Storm' infostealer and its server-side decryption capabilities. This highlights the growing sophistication of session hijacking attacks that can circumvent robust authentication mechanisms, necessitating more advanced threat detection and response strategies.
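
A replayed session cookie never passes through the login or MFA step, so one place to look for it is the session's own request history. The following is an added example, not from the article or the malware analysis: it flags sessions whose client context differs from the one that completed MFA. The JSON-lines schema, field names, event names and the "both attributes changed" rule are assumptions made for illustration.

```python
import json

# Constructed sample events in a hypothetical JSON-lines schema (not from the
# article). ASNs are taken from the documentation range 64496-64511.
SAMPLE_LOG = """\
{"ts": 1000, "event": "login_mfa_ok", "sid": "s-alice", "user": "alice", "asn": 64500, "ua": "Firefox/126 Windows"}
{"ts": 1060, "event": "request", "sid": "s-alice", "user": "alice", "asn": 64500, "ua": "Firefox/126 Windows"}
{"ts": 1200, "event": "login_mfa_ok", "sid": "s-bob", "user": "bob", "asn": 64501, "ua": "Chrome/125 macOS"}
{"ts": 1300, "event": "request", "sid": "s-bob", "user": "bob", "asn": 64502, "ua": "Chrome/125 macOS"}
{"ts": 1900, "event": "request", "sid": "s-alice", "user": "alice", "asn": 64511, "ua": "Chrome/124 Linux"}
{"ts": 1950, "event": "request", "sid": "s-orphan", "user": "carol", "asn": 64511, "ua": "Chrome/124 Linux"}
"""


def find_replayed_sessions(log_text):
    """Flag session IDs used from a client context that differs from the one
    that completed MFA, or that never had a login recorded at all."""
    events = sorted(
        (json.loads(line) for line in log_text.splitlines() if line.strip()),
        key=lambda e: e["ts"],
    )
    bound = {}       # sid -> (asn, ua) observed when MFA succeeded
    flagged = set()  # emit one alert per session
    alerts = []
    for ev in events:
        sid = ev["sid"]
        if ev["event"] == "login_mfa_ok":
            bound[sid] = (ev["asn"], ev["ua"])
            continue
        if sid in flagged:
            continue
        if sid not in bound:
            reason = "no_login_seen"  # could also be a logging gap: lower confidence
        else:
            asn0, ua0 = bound[sid]
            # A change of only one attribute (roaming, VPN, browser update) is
            # tolerated; network and browser both changing mid-session is not.
            if ev["asn"] == asn0 or ev["ua"] == ua0:
                continue
            reason = "asn_and_ua_changed"
        flagged.add(sid)
        alerts.append({"sid": sid, "user": ev["user"], "ts": ev["ts"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

An alert here is a prompt to revoke the session and force re-authentication; changing the password alone leaves an already-issued session valid.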