Malware & Ransomware · HIGH

VoidStealer Malware - New Trick Steals Chrome Master Key

Source: BleepingComputer
Tags: VoidStealer, Chrome, Application-Bound Encryption, malware-as-a-service, Gen Digital

In short: VoidStealer is an information stealer that extracts Chrome's master encryption key so it can decrypt the passwords and cookies the browser stores.

Quick Summary

VoidStealer has been found stealing Chrome's master key by attaching to the browser as a debugger and reading the key out of memory. Everything the browser protects with that key (saved passwords, session cookies) is exposed, so Chrome and Edge users should treat browser-stored credentials as at risk and rely on them less.

How It Works

VoidStealer is an information stealer that recovers Chrome's master key by attaching to the browser as a debugger. Application-Bound Encryption (ABE) keeps the key encrypted on disk so that only the browser, through a privileged elevation service, can decrypt it; VoidStealer does not attack that service. Instead it uses hardware breakpoints to stop the browser at the moment the decrypted v20_master_key is present in memory and reads it out. Because the malware runs as the same user as the browser, it needs no privilege escalation and no code injection, which makes it quieter than stealers that inject into the browser or elevate privileges. The practical lesson is that ABE's trust boundary is the user's session: any process in that session with debug rights over the browser can do the same.

In practice the malware launches a hidden browser process under its own control as a debugger, waits for the browser's DLLs to load, scans them for the instructions that reference the master key, and sets a hardware breakpoint there. When the browser decrypts the key during startup the breakpoint fires, and VoidStealer reads the plaintext key from the paused process with ReadProcessMemory. The key is in the clear for only a brief moment, but because the breakpoint halts the process at exactly that instruction, the window is always long enough.
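The launch-then-read sequence above leaves a footprint in ordinary Windows process telemetry, and the following detection rule is an added example (not code from the BleepingComputer article or from Gen Digital's research) of how to look for it. It assumes Sysmon-style events already parsed into dicts: Event ID 1 (ProcessCreate) for the hidden browser launch, and Event ID 10 (ProcessAccess) for the memory-read handle a debugger holds on its target. The event records, process names such as update.exe, and the allowlists are all constructed for illustration and must be tuned to the environment.

```python
"""Detection for the VoidStealer launch-and-debug pattern over Windows process telemetry.

Added example, not code from the BleepingComputer article or Gen Digital's research.
Assumes Sysmon-style events parsed into dicts: Event ID 1 (ProcessCreate) and
Event ID 10 (ProcessAccess). SAMPLE_EVENTS is constructed, not real telemetry.
"""
from __future__ import annotations

# Process access right from winnt.h. ReadProcessMemory needs PROCESS_VM_READ; a
# debugger that created its target holds a handle with far more than that.
PROCESS_VM_READ = 0x0010

BROWSERS = {"chrome.exe", "msedge.exe"}

# Assumption: tune both sets to the environment (kiosk launchers, EDR, crash tooling).
EXPECTED_BROWSER_PARENTS = BROWSERS | {"explorer.exe"}
TRUSTED_BROWSER_READERS = BROWSERS | {"csrss.exe", "werfault.exe"}


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process_create(ev: dict) -> str | None:
    """Flag a browser spawned by something other than the shell or the browser itself.
    A debugger that launches its debuggee (CreateProcess with DEBUG_PROCESS) is
    recorded as that process's parent, so this catches the launch step directly."""
    image, parent = image_name(ev["Image"]), image_name(ev["ParentImage"])
    if image in BROWSERS and parent not in EXPECTED_BROWSER_PARENTS:
        return f"{image} pid {ev['ProcessId']} launched by {parent} pid {ev['ParentProcessId']}"
    return None


def check_process_access(ev: dict) -> str | None:
    """Flag a non-browser process obtaining memory-read rights on a browser process."""
    target, source = image_name(ev["TargetImage"]), image_name(ev["SourceImage"])
    granted = int(ev["GrantedAccess"], 16)
    if target in BROWSERS and source not in TRUSTED_BROWSER_READERS and granted & PROCESS_VM_READ:
        return (f"{source} pid {ev['SourceProcessId']} got VM_READ (0x{granted:X}) "
                f"on {target} pid {ev['TargetProcessId']}")
    return None


def detect(events: list[dict]) -> list[dict]:
    """Run both checks; raise severity when the process that launched a browser is
    the same one reading its memory, which is the sequence the article describes."""
    suspicious_parent: dict[int, int] = {}  # browser pid -> parent pid
    findings = []
    for ev in events:
        if ev["EventID"] == 1 and (why := check_process_create(ev)):
            suspicious_parent[ev["ProcessId"]] = ev["ParentProcessId"]
            findings.append({"severity": "medium", "pid": ev["ProcessId"], "reason": why})
        elif ev["EventID"] == 10 and (why := check_process_access(ev)):
            correlated = suspicious_parent.get(ev["TargetProcessId"]) == ev["SourceProcessId"]
            findings.append({"severity": "high" if correlated else "medium",
                             "pid": ev["TargetProcessId"], "reason": why})
    return findings


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
UPDATER = r"C:\Users\alice\AppData\Local\Temp\update.exe"  # hypothetical dropper name
SAMPLE_EVENTS = [  # constructed sample telemetry
    {"EventID": 1, "Image": CHROME, "ProcessId": 4100,
     "ParentImage": r"C:\Windows\explorer.exe", "ParentProcessId": 1200},
    {"EventID": 1, "Image": CHROME, "ProcessId": 4120,
     "ParentImage": CHROME, "ParentProcessId": 4100},            # renderer child, benign
    {"EventID": 1, "Image": CHROME, "ProcessId": 5300,
     "ParentImage": UPDATER, "ParentProcessId": 5280},           # hidden launch by dropper
    {"EventID": 10, "SourceImage": CHROME, "SourceProcessId": 4100,
     "TargetImage": CHROME, "TargetProcessId": 4120, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": UPDATER, "SourceProcessId": 5280,
     "TargetImage": CHROME, "TargetProcessId": 5300, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe", "SourceProcessId": 700,
     "TargetImage": CHROME, "TargetProcessId": 4100, "GrantedAccess": "0x1400"},  # query only
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['reason']}")
```

Of the two checks, the parent-process one is the more robust: a debugger that creates its debuggee is unavoidably recorded as the parent, whereas the handle-grant check depends on your sensor reporting the handle a creator receives for its new process (Sysmon's ProcessAccess event does, but that is an assumption worth verifying against your own telemetry). Expect noise from crash handlers and security tooling that legitimately read browser memory; add those to the allowlist rather than lowering the severity of the correlated case.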

Who's Being Targeted

VoidStealer targets users of Google Chrome and Microsoft Edge, and because both browsers are so widely used the potential impact is large. Cybercriminals have been advertising it as a malware-as-a-service (MaaS) offering on dark web forums since late 2025, which puts it within reach of many threat actors: a working, easy-to-use stealer can be run by low-skill operators as readily as by organized cybercriminal groups.

As this malware continues to evolve, it poses a growing threat to users who store sensitive information in their browsers. The risk is particularly high for individuals and businesses that rely on browser-stored passwords and cookies for convenience.

Signs of Infection

VoidStealer runs silently, so users are unlikely to notice it directly. The most specific sign follows from how it works: a chrome.exe or msedge.exe process running with no visible window while you have not opened the browser. Beyond that, watch for:

  • Unusual browser behavior: If your browser starts acting strangely, such as slow performance or unexpected crashes, it could indicate malware activity.
  • Unauthorized access: If you notice unauthorized logins to your accounts, this may suggest that your stored passwords have been compromised.
  • New browser extensions: Check for unfamiliar extensions that may have been added without your consent.

How to Protect Yourself

To safeguard against VoidStealer and similar malware, consider the following measures:

  • Keep your browser updated: Always use the latest version of your browser to benefit from security patches and improvements.
  • Use strong, unique passwords in a dedicated password manager: a standalone manager's vault is not encrypted under Chrome's master key, so this attack does not expose it; avoid relying on browser-stored passwords.
  • Enable two-factor authentication: This adds an extra layer of security to your accounts, making it harder for attackers to gain access even if they have your passwords.
  • Monitor your accounts: Regularly check your accounts for suspicious activity and report unauthorized access immediately. If you suspect infection, sign out of all sessions on important services, since stolen session cookies remain valid until those sessions are ended.

By staying vigilant and adopting these practices, users can reduce their risk of falling victim to VoidStealer and other information stealers.

🔒 Pro insight: VoidStealer works because ABE's trust boundary is the user's own session; any same-user process that can debug the browser can read the key. Browser-side hardening will have to keep pace with that, and until it does, the defenses above matter more than the encryption itself.

Original article: BleepingComputer · Bill Toulas
