The newly identified Glove Stealer malware has found a way to bypass Google Chrome's App-Bound encryption, enabling it to steal browser cookies. Discovered by Gen Digital researchers during a phishing investigation, this malware is still in its early stages, being relatively simple with minimal obfuscation. The attack strategy relies on social engineering tricks, similar to the ClickFix chain, where victims are misled by fake error messages in HTML file attachments. Glove Stealer targets browsers like Chrome, Firefox, Edge, and others, and can also extract data from cryptocurrency wallets, authenticator tokens, and password managers.
To bypass Chrome's App-Bound encryption, Glove Stealer uses a method outlined by researcher Alexander Hagenah, which leverages Chrome's IElevator service while running with SYSTEM privileges. Because this method requires admin access on the victim's machine, it points to Glove Stealer's early stage of development compared with more sophisticated stealers. Despite needing elevated privileges, information-stealing malware campaigns have continued to grow, with attackers employing a variety of delivery vectors such as phishing, malvertising, and zero-day vulnerabilities.