New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes
Google employs numerous tools and tactics to help prevent cookie-stealing hackers from accessing your account and data. On July 30, it revealed how Chrome 127 for Windows was introducing application-bound encryption, which, similarly to macOS and Keychain, encrypts data tied to app identity. In other words, this makes it much harder for hackers to access sensitive data and bypass two-factor authentication using infostealer malware. One developer of such malware now claims to have defeated this encryption in 10 minutes flat. Here’s what you need to know.
Multiple Infostealer Developers Claim To Have Bypassed New Chrome Security Protections
The theft of browser cookies, specifically session cookies, is a prime tactic used by criminal hackers to bypass 2FA protections and gain unfettered access to accounts and data.
Will Harris, part of the Chrome security team, explained in an official blog posting how Google was improving the security of Chrome cookies for users of the Windows platform. This was in addition to existing protections such as device-bound sessions for all Chrome users. But now, it would appear that developers of popular infostealer malware tools have released updates to their malicious applications that, they claim, can bypass these protections, including the app-bound encryption meant to protect Windows users.
Bleeping Computer and Risky Business have both reported how the developers of such malware including the likes of Lumar, Lumma, Meduza, Rhadamanthys, StealC, Vidar and Whitesnake have been issuing updates with this claimed ability on dark web criminal forums.
This is a huge problem for Google and Chrome browser users alike, if all these malware developers have truly managed to break through this security barrier so quickly. Infostealer malware allows an attacker to steal browser secrets, and they are secrets for a reason: once known, they open the door to your sensitive data. A session cookie validates your account session after you have completed the 2FA step and, if stolen, makes 2FA ineffective, as the attacker has effectively already been authorized and has free access. Bleeping Computer has confirmed that the latest Lumma Stealer and Vidar malware releases can, indeed, bypass the cookie encryption feature of Chrome 129. The developers of the Rhadamanthys infostealer malware, meanwhile, have claimed it took them less than 10 minutes to reverse the cookie encryption process.
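To see why the device-bound sessions mentioned above blunt cookie theft, here is an added example (not Google's or Chrome's code) of a server that refuses a session cookie unless the request also carries a proof from a key that stays on the device; the `Server` and `Device` classes and the use of an HMAC secret in place of a TPM-held asymmetric key are simplifications assumed for the demo.

```python
import hashlib, hmac, secrets

# Constructed demo, not Chrome's code: a device-bound session. The cookie value (sid)
# alone is not enough; each request must also carry a fresh proof made with a key that
# never leaves the device. Real device-bound sessions use a TPM-held asymmetric key;
# this demo uses a per-device HMAC secret as a simplification (assumption).

class Server:
    def __init__(self):
        self.sessions = {}    # sid -> {"user": ..., "device_key": ...}
        self.challenges = {}  # sid -> outstanding one-time nonce
    def login_after_2fa(self, user, device_key):
        # Called once 2FA is complete; the returned sid is the cookie value.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "device_key": device_key}
        return sid
    def challenge(self, sid):
        nonce = secrets.token_hex(16)  # single-use, so proofs cannot be replayed
        self.challenges[sid] = nonce
        return nonce
    def verify(self, sid, nonce, proof):
        sess = self.sessions.get(sid)
        expected_nonce = self.challenges.pop(sid, None)  # consume the nonce
        if sess is None or expected_nonce is None or nonce != expected_nonce:
            return False
        expected = hmac.new(sess["device_key"], (sid + nonce).encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, proof)

class Device:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # never leaves this device
    def prove(self, sid, nonce):
        return hmac.new(self.key, (sid + nonce).encode(), hashlib.sha256).hexdigest()

def demo():
    # Returns (legit_ok, stolen_cookie_ok, replayed_proof_ok).
    server, device = Server(), Device()
    sid = server.login_after_2fa("alice", device.key)
    nonce = server.challenge(sid)
    proof = device.prove(sid, nonce)
    legit = server.verify(sid, nonce, proof)
    # Infostealer exfiltrated the cookie (sid) but not the device key.
    nonce2 = server.challenge(sid)
    forged = hmac.new(b"attacker-guess", (sid + nonce2).encode(), hashlib.sha256).hexdigest()
    stolen = server.verify(sid, nonce2, forged)
    # Replaying the earlier captured proof fails too: its nonce was consumed.
    replay = server.verify(sid, nonce, proof)
    return legit, stolen, replay
```

The stolen cookie is only useful together with the device key, which is exactly what app-bound encryption tries to keep out of an infostealer's reach on the client side.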
I have contacted Google and will update this story should a statement be issued.