Glove Stealer bypasses Chrome's App-Bound Encryption to steal cookies
Nov. 18, 2024, 5:33 p.m.
Description
Researchers have discovered a new .NET-based information stealer called Glove Stealer that targets browser extensions and locally installed software to steal sensitive data such as cookies, passwords, and cryptocurrency wallets. It uses a novel technique to bypass Chrome's App-Bound Encryption by exploiting the IElevator service. The malware is distributed through phishing campaigns and requires administrative privileges to place its module in Chrome's Program Files directory. Once executed, it contacts a command-and-control server to exfiltrate harvested data.
Date
Published: Nov. 16, 2024, 3:18 a.m.
Created: Nov. 16, 2024, 3:18 a.m.
Modified: Nov. 18, 2024, 5:33 p.m.
Attack Patterns
Glove Stealer
T1021.001
T1132.001
T1555.003
T1059.001
T1567
T1012
T1087
T1056.001
T1555
T1071.001
T1082
T1057
T1083