Google's attempt to block information-stealing malware from taking data stored in its Chrome browser appears to have been short-lived, as multiple variants claim to have successfully bypassed it.
In late July 2024, Google released Chrome 127, which introduced app-linked encryption, a feature that sought to ensure that sensitive data stored by websites or web apps was only accessible to a specific app on a device. It works by encrypting data in such a way that only the app that created it can decrypt it, and was touted as being particularly useful for protecting information such as authentication tokens or personal data.
Now, just a few months after its introduction, the protection mechanism has already been cracked by some of the most popular information stealers. BleepingComputer reports that stealers such as MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC have introduced some form of bypass.
Some of the updates have also been confirmed to work with Chrome 129, the most recent version of the browser available at the time of publication. TechRadar Pro has reached out to Google for comment and will update our article if we hear back.
“A new method for collecting Chrome cookies has been added,” Lumma developers have recently informed their customers. “The new method does not require administrator rights or a reboot, which simplifies the creation of the crypt and reduces the chances of detection, thus increasing the error rate.”
Extracting information from browsers is a key feature of most prominent information stealers. Many people store passwords or payment data in their browsers for convenience and quick access, and many also use cryptocurrency wallet plugins. By stealing cookies, criminals can even log into services protected by multi-factor authentication (MFA). All of this makes browsers one of the most important targets during data theft.