Sunday, June 7, 03:36

Infostealers bypass the new Google Chrome 80 encryption

Google's addition of AES-256 encryption for cookies and passwords in the Chrome browser does not seem to be very effective against infostealers.

The developers of malware that steals data from web browsers have evolved their tools to overcome this obstacle that Google has put into the Chrome browser.

Even the infostealer AZORult has received patches that make it compatible with Chrome 80.

Now a new information-stealing tool has been released which, according to advertisements on hacking forums, can bypass the new level of encryption.

Before Chrome 80

Google released Chrome 80 in early February. Until its release, cookies and passwords on Windows were encrypted through DPAPI in the operating system.

Raveed Laeb, an executive at KELA, said that Chrome still relies on this method but has introduced an additional level of encryption.

The data is first encrypted with AES, and the AES key is then encrypted using the DPAPI CryptProtectData function. For decryption the process is reversed: the AES-256 key is recovered using the CryptUnprotectData function.
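A minimal model of this two-layer scheme, added here as an illustration and not taken from Chrome or from the article's sources. It assumes AES-256-GCM as the mode and uses a SHA-256 hash of a per-user secret as a stand-in for DPAPI; `Roundtrip` and the sample values are hypothetical. It shows that the wrapped key opens for any code running as the same user and fails for a different user.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newGCM builds AES-256-GCM; a 32-byte key cannot fail, so errors are dropped.
func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal encrypts plaintext and prepends the random 12-byte GCM nonce.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return newGCM(key).Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal on a blob that seal produced; a wrong key fails authentication.
func open(key, sealed []byte) ([]byte, error) {
	return newGCM(key).Open(nil, sealed[:12], sealed[12:], nil)
}

// Roundtrip stores value as writerUser, then reads it back as readerUser.
// Stand-in for DPAPI (assumption): the key depends on the user, not the program.
func Roundtrip(writerUser, readerUser, value string) (string, error) {
	wKey, rKey := sha256.Sum256([]byte(writerUser)), sha256.Sum256([]byte(readerUser))
	dataKey := make([]byte, 32) // AES-256 key that protects the stored data
	rand.Read(dataKey)
	wrapped := seal(wKey[:], dataKey) // models the CryptProtectData step
	stored := seal(dataKey, []byte(value))
	recovered, err := open(rKey[:], wrapped) // models the CryptUnprotectData step
	if err != nil {
		return "", fmt.Errorf("unwrap failed: %w", err)
	}
	plain, err := open(recovered, stored)
	return string(plain), err
}

func main() {
	fmt.Println(Roundtrip("alice-secret", "alice-secret", "session=abc")) // constructed values
	fmt.Println(Roundtrip("alice-secret", "bob-secret", "session=abc"))
}
```

The first call returns the stored value and the second returns an error, which is the boundary the extra AES layer inherits: it separates users, not processes running under the same user.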

Google explained why it made this change, which limited infostealers for a while:

“We've made some changes that will allow us to isolate Chrome's network stack in its own sandboxed process. As part of these changes we have changed our password/cookies encryption algorithm and storage mechanisms.”

In this way, Google claims, it makes the job harder for hackers trying to steal data with various programs.

The new method is not very effective

The addition of AES encryption to the Chrome browser initially caused problems for some malware, but they did not last long.

Shortly after the launch of the new Chrome, updates to at least four infostealers were publicly announced, adapted to the new mechanism and able to steal "protected" information.

Four days after the release of the new Chrome, the creator of the KPot infostealer said they had already created an update to the malware that could bypass the encryption. The upgraded tool was immediately sold for $90.

Chrome infostealers

The creators of Raccoon, an infostealer that can grab data from nearly 60 applications (including all popular browsers), announced that they were also able to bypass the new Chrome 80 security level.


Some developers of new infostealers also came forward, claiming that they too can bypass Chrome 80 encryption. For example, an ad for Redline, a new infostealer, was found on a Russian hacking forum.


AZORult is still 'alive'

AZORult was one of the top 10 malware of 2019. Its original creator abandoned it in December 2018. However, other hackers continued to use it.

AZORult++ was first reported in May 2019 and recently reached version 3.4.

There are many variants of this infostealer, and one of them now seems to be Chrome 80 compatible.

This release was announced in early March. The new version comes essentially from an unknown source and is therefore not widely adopted, but it is used in small campaigns.

Chrome encryption

Chrome 80 tried to block infostealers, but most were able to bypass the encryption and keep working effectively.


Absent Mia