Glove Stealer bypasses Chrome's App-Bound Encryption to steal cookies

Nov. 18, 2024, 5:33 p.m.

Description

Researchers have discovered a new .NET-based information stealer called Glove Stealer that targets browser extensions and local software to steal sensitive data such as cookies, passwords, and cryptocurrency wallets. It uses a novel technique to bypass Chrome's App-Bound Encryption by exploiting the IElevator service. The malware is distributed through phishing campaigns and requires administrative privileges to place its module in Chrome's Program Files directory. Once executed, it contacts a command-and-control server to exfiltrate harvested data.

Date

Published: Nov. 16, 2024, 3:18 a.m.

Created: Nov. 16, 2024, 3:18 a.m.

Modified: Nov. 18, 2024, 5:33 p.m.

Attack Patterns

Glove Stealer

T1021.001

T1132.001

T1555.003

T1059.001

T1567

T1012

T1087

T1056.001

T1555

T1071.001

T1082

T1057

T1083