A new variant of VoidStealer has emerged that bypasses Chrome's App Bound Encryption (ABE) without needing to inject code into the browser process or escalate privileges. The malware attaches itself as a debugger to the browser and sets hardware breakpoints when the v20_master_key is briefly present in memory, allowing it to extract the key directly from registers. This technique avoids modifying browser memory and can be detected by monitoring processes that attach debuggers to browsers or flagging unexpected DebugActiveProcess calls targeting browsers.
Read the full article at Cyber Security News
Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.
2
Comments
Ali NematiWritten by Ali
