Ethical Hacking News
Glove Stealer, a sophisticated .NET-based information stealer, has been discovered by researchers at Gen Digital. This malware targets browser extensions and locally installed software to steal sensitive data from infected systems. The malware could harvest a vast trove of data, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.
Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data from infected systems. The malware can harvest a vast trove of data, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer exploits a new technique to bypass Chrome's App-Bound Encryption, allowing it to steal browser cookies. The malware uses the IElevator service, a method that was disclosed in October 2024, to bypass App-Bound Encryption and extract data from Chromium-based browsers. The campaign used a phishing message with an HTML file attachment to infect systems, instructing users to copy a malicious script to their clipboard. Glove Stealer pretends to search for system errors while secretly contacting a command-and-control (C&C) server to harvest and exfiltrate data. The malware has been identified as a zero-day threat, making it difficult for traditional security solutions to detect and prevent its attacks. Researchers believe that Glove Stealer is in its early development phase, suggesting that threat actors are still testing and refining their tactics.
The Glove Stealer malware exploits a new technique to bypass Chrome's App-Bound Encryption, allowing it to steal browser cookies. According to researchers at Gen Digital, the malware uses the IElevator service, a method that was disclosed in October 2024. This method enables the malware to bypass App-Bound encryption and extract data from Chromium-based browsers.
The campaign observed by researchers used a phishing message with an HTML file attachment. The HTML page displayed a fake error message claiming that some content could not be accessed properly and provided instructions for resolving the issue. Users were instructed to copy a malicious script to their clipboard, and upon executing it in a terminal or the Run prompt, their systems became infected.
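As an added example (not code from Gen Digital's report or from this article), a small Python heuristic scanner for the delivery pattern described above: an HTML attachment that writes a command to the clipboard and tells the reader to paste it into the Run prompt or a terminal behind a fake error message. The indicator lists and both sample attachments are constructed for illustration; the lure sample carries a placeholder string rather than any real command.

```python
import re

# Indicator groups as case-insensitive regexes; constructed for this example.
INDICATORS = {
    # The page itself writes to the clipboard.
    "clipboard_write": [
        r"navigator\.clipboard\.writeText",
        r"document\.execCommand\(\s*['\"]copy['\"]\s*\)",
    ],
    # The reader is told to paste into the Run prompt or a shell.
    "paste_instructions": [
        r"\bwin(dows)?\s*\+\s*r\b",
        r"\brun\s+(dialog|prompt|window|box)\b",
        r"\b(powershell|cmd\.exe|terminal)\b",
        r"\bctrl\s*\+\s*v\b",
    ],
    # A fake error message used as the pretext.
    "error_lure": [
        r"\b(could not|cannot|can't|unable to)\s+(be\s+)?(access|display|load|show)",
        r"\bfix\s+(it|this|the\s+(issue|error|problem))\b",
    ],
}

def scan_html(html: str) -> dict:
    """Return the indicator groups found in one HTML attachment plus a verdict."""
    found = {
        name: [p for p in patterns if re.search(p, html, re.IGNORECASE)]
        for name, patterns in INDICATORS.items()
    }
    hits = [name for name, matched in found.items() if matched]
    # Clipboard write AND paste instructions together form the lure; a plain
    # copy button or a genuine error page alone is not flagged.
    suspicious = "clipboard_write" in hits and "paste_instructions" in hits
    return {"indicators": hits, "matched_patterns": found, "suspicious": suspicious}

# Constructed lure sample (placeholder string, not a real command).
LURE_SAMPLE = """<html><body>
<h2>This content could not be displayed properly.</h2>
<p>To fix this issue: 1. Press Win+R  2. Press Ctrl+V, then Enter.</p>
<script>navigator.clipboard.writeText("PLACEHOLDER_COMMAND");</script>
</body></html>"""

# Constructed benign page: a copy-link button, no instructions to run anything.
BENIGN_SAMPLE = """<html><body>
<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>
</body></html>"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, scan_html(sample)["suspicious"], scan_html(sample)["indicators"])
```

The scanner is a triage heuristic for mail-gateway or sandbox pipelines; a page with only a clipboard write (a copy-link button) or only an error message is deliberately left unflagged.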
Upon execution, Glove Stealer pretends to search for system errors while secretly contacting a command-and-control (C&C) server to harvest and exfiltrate data. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption. This process requires the malware to gain local administrative privileges, enabling it to place the module in Chrome's Program Files directory and bypass path validation checks.
The Glove Stealer malware has been identified as a zero-day threat, meaning that no prior warnings or alerts had been issued about this specific exploit. The use of the IElevator service to bypass App-Bound Encryption is also considered an advanced technique, making it difficult for traditional security solutions to detect and prevent the malware's attacks.
Researchers believe that Glove Stealer is in its early development phase, suggesting that threat actors are still testing and refining their tactics. However, this does not diminish the severity of the threat, as the malware has already demonstrated its ability to exploit Chrome's App-Bound Encryption and steal sensitive data from infected systems.
In conclusion, the discovery of Glove Stealer highlights the ongoing cat-and-mouse game between cyber attackers and security professionals. As new threats emerge, it is essential for individuals and organizations to stay vigilant and implement robust security measures to protect themselves against sophisticated malware like Glove Stealer.
Related Information:
https://securityaffairs.com/171034/malware/glove-stealer-bypasses-chromes-app-bound-encryption.html
Published: Fri Nov 15 20:40:09 2024 by llama3.2 3B Q4_K_M