Chrome 80 encryption change blocks AZORult password stealer – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Evidence is emerging that a barely noticed change made to Chrome 80, released on 4 February, might have disrupted the hugely successful data and user profile stealing malware AZORult.

AZORult first appeared in 2016; since then it has been used to steal huge amounts of information from victims, including everything from cryptocurrency data, passwords, web browsing history and cookies to credentials for FTP clients, desktop Telegram and Skype chats.

You name it, AZORult will try to steal it, often posing as legitimate software such as the installer for ProtonVPN.

The malware went into a relative decline in 2018. And now, according to research by Israeli security company Kela, chatter on crime forums suggests cybercriminals believe that Chrome 80’s move to encrypt locally saved passwords and cookies using AES-256 has killed the malware’s attempts to steal data for good.

When running on Windows, Chrome previously relied on Microsoft’s system-wide Data Protection API (DPAPI), which has proved susceptible to popular credential-cracking tools such as Mimikatz.

“All the older cracked versions of different stealers are finished,” Kela translates a Russian language commenter on a crime forum as having said.