Malware & Ransomware | HIGH

Storm Infostealer - New Malware Remotely Decrypts Credentials

Infosecurity Magazine
Tags: Storm, infostealer, credential theft, malware, cybercrime

In short: Storm is a new infostealer that steals your browser credentials and decrypts them on the attacker's server rather than on your machine.

Quick Summary

A new infostealer named Storm has emerged, capable of remotely decrypting stolen credentials. This poses a serious risk to users, as it targets sensitive data from browsers and crypto wallets. With its stealthy approach, Storm can bypass many security measures, making it crucial for users to stay vigilant.

What Happened

Security researchers at Varonis have discovered a new infostealer malware strain called Storm. This malware is designed to harvest sensitive information such as browser credentials, session cookies, and crypto wallet data. Unlike traditional infostealers, Storm employs a novel approach by decrypting stolen credentials on its own servers rather than on the victim's machine.

How It Works

Storm operates by sending encrypted files to the attacker's server for decryption. This method helps it bypass security controls that would typically flag local decryption attempts. Daniel Kelley, a senior security consultant at Varonis, explained that previous infostealers decrypted credentials directly on the victim's device, which became easier to detect as security tools evolved. With Storm, the malware collects data and transfers it to the attacker, where it can be decrypted without leaving traces on the victim's machine.
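A defender-side check that follows from this description, added here as an example (it is not code from the article or from Varonis): however the decryption is moved to the attacker's server, the malware still has to read the encrypted browser stores on the victim host, so file-access telemetry on those paths remains a detection point. The file names are the standard Chromium and Firefox credential/cookie store names; the event schema, the browser process allowlist and the sample events are constructed for this example.

```python
"""
Added example, not from the original article or Varonis' research.
Flags processes other than the browser itself reading browser credential stores,
and ranks a process higher when it touches several stores (a collection pattern).
"""
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Standard on-disk stores for Chromium-based (Chrome, Edge, Brave, ...) and
# Gecko-based (Firefox) browsers. Reading these is what an infostealer must do
# before it can ship anything to its server.
CHROMIUM_STORES = {"Login Data", "Local State", "Cookies", "Web Data"}
GECKO_STORES = {"logins.json", "key4.db", "cookies.sqlite", "formhistory.sqlite"}

# Image names expected to touch those stores. Constructed allowlist; tune to the estate.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "chromium", "firefox.exe", "firefox"}


@dataclass(frozen=True)
class FileAccessEvent:
    """One file-read event from EDR/Sysmon-style telemetry (constructed schema)."""
    host: str
    process: str   # image name of the reading process
    pid: int
    path: str      # file that was read


def is_credential_store(path: str) -> bool:
    """True if the path's file name is a known browser credential/cookie store."""
    name = os.path.basename(path.replace("\\", "/"))
    return name in CHROMIUM_STORES or name in GECKO_STORES


def suspicious_store_reads(events: Iterable[FileAccessEvent]) -> List[FileAccessEvent]:
    """Return events where a non-browser process reads a browser credential store."""
    hits = []
    for ev in events:
        if not is_credential_store(ev.path):
            continue
        if ev.process.lower() in BROWSER_PROCESSES:
            continue  # the browser reading its own stores is expected
        hits.append(ev)
    return hits


def summarize_by_process(events: Iterable[FileAccessEvent]) -> Dict[Tuple[str, str, int], int]:
    """Count distinct stores read per (host, process, pid); >1 suggests bulk collection."""
    seen: Dict[Tuple[str, str, int], set] = {}
    for ev in suspicious_store_reads(events):
        key = (ev.host, ev.process, ev.pid)
        seen.setdefault(key, set()).add(ev.path)
    return {key: len(paths) for key, paths in seen.items()}


# Constructed sample telemetry: one unknown process reads three stores across two browsers.
SAMPLE_EVENTS = [
    FileAccessEvent("ws01", "chrome.exe", 4120,
                    r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileAccessEvent("ws01", "updater.exe", 7788,
                    r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"),
    FileAccessEvent("ws01", "updater.exe", 7788,
                    r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileAccessEvent("ws01", "updater.exe", 7788,
                    r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    FileAccessEvent("ws01", "notepad.exe", 3001, r"C:\Users\alice\Documents\todo.txt"),
    FileAccessEvent("ws01", "firefox.exe", 5112,
                    r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\key4.db"),
]

if __name__ == "__main__":
    for key, count in summarize_by_process(SAMPLE_EVENTS).items():
        host, proc, pid = key
        severity = "high" if count > 1 else "medium"
        print(f"{host}: {proc} (pid {pid}) read {count} browser credential store(s) -> {severity}")
```

The allowlist approach deliberately ignores what the process does with the bytes afterwards: because Storm's decryption happens off-host, there is no local DPAPI or key-unwrapping call to catch, and the read itself is the observable. Pair the count-per-process view with outbound-connection telemetry from the same pid to build the exfiltration side of the story.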

Who's Being Targeted

The malware primarily targets users of Chromium-based and Gecko-based browsers (Firefox among the latter). It can extract a wide range of sensitive information, including:

  • Saved passwords
  • Session cookies
  • Autofill data
  • Google account tokens
  • Credit card information
  • Browsing history

Signs of Infection

Victims may not notice anything unusual at first. However, compromised browsers can provide attackers with authenticated access to various platforms, including SaaS applications and internal tools, without triggering alerts. The stealthy nature of Storm makes it particularly dangerous, as it operates in memory to minimize detection risks.

How to Protect Yourself

To defend against threats like Storm, users should:

  • Regularly update their browsers and security software.
  • Use strong, unique passwords for different accounts.
  • Enable two-factor authentication wherever possible.
  • Monitor accounts for suspicious activities.

What Data Was Exposed

During the investigation, Varonis identified 1,715 entries linked to Storm, originating from multiple countries, including Brazil, India, and the US. The stolen credentials cover high-value platforms such as:

  • Social media: Google, Facebook, Twitter/X
  • Cryptocurrency services: Coinbase, Binance, Crypto.com

This type of data is often traded on underground markets, leading to account takeovers and further cyber intrusions.

Conclusion

Storm represents a significant evolution in infostealer technology. By remotely decrypting stolen credentials, it poses a heightened risk to users and organizations alike. Awareness and proactive security measures are essential to mitigate the threats posed by such advanced malware.

🔒 Pro insight: Storm's server-side decryption method marks a significant shift in infostealer tactics, complicating detection and response efforts for security teams.

Original article from Infosecurity Magazine.
