CP
cyberpings
Malware & RansomwareHIGH

VoidStealer - New Variant Bypasses Chrome ABE Security

CSCyber Security News
VoidStealerGoogle ChromeinfostealerElevationKatzmalware
🎯

Basically, a new type of malware can steal passwords from Chrome without being easily noticed.

Quick Summary

A new variant of VoidStealer has bypassed Chrome's ABE security, posing a serious risk to user data. This malware can extract sensitive information without detection. Stay informed and secure your credentials.

What Happened

A new variant of the VoidStealer infostealer has emerged, capturing the attention of the cybersecurity community. This version, known as VoidStealer 2.0, is notable for being the first malware to bypass Google Chrome’s Application-Bound Encryption (ABE) without needing code injection or elevated system privileges. This significant advancement was introduced on March 13, 2026, and represents a troubling evolution in malware capabilities.

The ABE feature, launched in July 2024, was designed to protect sensitive data like passwords and cookies by tying encryption keys to a high-privilege service. However, threat actors have continually adapted, finding ways to circumvent these protections. The new VoidStealer variant employs a debugger-based technique to extract encrypted credentials directly from memory, marking a shift in how infostealers operate.

Who's Being Targeted

This malware is primarily targeting users of Google Chrome and Microsoft Edge. By leveraging its new technique, VoidStealer can silently extract sensitive browser credentials without raising alarms. The stealthy nature of this attack makes it particularly dangerous, as many security tools may not detect its activity.

With the technique now publicly available through the open-source ElevationKatz project, other cybercriminals are likely to adopt similar methods, increasing the risk for users across various platforms. The rapid evolution of VoidStealer—from version 1.0 to 2.1 in just three months—indicates that its developers are actively enhancing its capabilities.

Signs of Infection

Detecting VoidStealer can be challenging due to its low detection footprint. Unlike traditional ABE bypass techniques that require high-level privileges or code injection, this variant operates using standard Windows debugging APIs. This makes it less conspicuous and more difficult for security software to identify.

Indicators of compromise for VoidStealer v2.0 include unusual behavior, such as any process autonomously attaching a debugger to a browser. Security teams should monitor for browser memory reads from third-party processes and watch for unexpected DebugActiveProcess calls targeting browsers. These signs can help in early detection of this infostealer.

How to Protect Yourself

To safeguard against the VoidStealer threat, users should take proactive measures. Here are some recommended actions:

  • Keep your browser updated: Ensure that you are using the latest version of Chrome or Edge to benefit from the latest security patches.
  • Use security tools: Employ robust antivirus and anti-malware solutions that can detect unusual behavior and protect against known threats.
  • Be cautious with downloads: Avoid downloading software or files from untrusted sources, as these may harbor malware.

By staying vigilant and informed, users can better protect themselves from the evolving landscape of cyber threats posed by infostealers like VoidStealer.

🔒 Pro insight: The emergence of this bypass technique signals a critical shift in infostealer tactics, emphasizing the need for enhanced detection measures in browser security.

Original article from

Cyber Security News · Tushar Subhra Dutta

Read Full Article

Share

Related Pings

HIGHMalware & Ransomware

Malware Attack - Drivers Stranded by Breathalyzer Company

A cyberattack on Intoxalock has stranded drivers across the U.S. Many can't start their vehicles due to calibration issues. The situation is ongoing, and users are advised to stay updated.

TechCrunch Security·
HIGHMalware & Ransomware

Malware - US Allies Dismantle High-Volume IoT Botnets

The US and its allies have successfully dismantled four major IoT botnets. These networks caused significant disruption and extortion, impacting many victims. This action is vital for improving cybersecurity and protecting users from future attacks.

Cybersecurity Dive·
HIGHMalware & Ransomware

Malware - Justice Department Disrupts Major Botnets

The Justice Department has disrupted four major botnets hijacking millions of devices. This operation prevents further DDoS attacks and protects users. Cybercrime continues to pose significant risks, highlighting the need for ongoing vigilance.

CyberScoop·
HIGHMalware & Ransomware

Perseus Android Malware - Full Device Takeover Threats

A new Android malware named Perseus has surfaced, enabling full device takeovers and stealing sensitive notes. Users in several countries are at risk. Stay vigilant and avoid sideloading apps.

Cyber Security News·
HIGHMalware & Ransomware

Interlock Ransomware - Targets Cisco Enterprise Firewalls

Interlock Ransomware is exploiting a critical flaw in Cisco firewalls, putting many enterprises at risk. This attack highlights the urgent need for enhanced cybersecurity measures. Organizations must act quickly to protect their data and systems.

Dark Reading·
HIGHMalware & Ransomware

Malware Alert - DarkSword Exploits iOS, Interlock Targets Cisco

A new iOS exploit called DarkSword is stealing personal data from iPhones. Meanwhile, the Interlock ransomware group is exploiting a critical Cisco vulnerability. Both threats pose significant risks to users and enterprises, highlighting the need for immediate action.

SentinelOne Labs·