Warning: New malware steals Google Chrome user information.
Sophos, a UK-based cybersecurity company, has issued a warning about the Qilin ransomware, which targets the Google Chrome web browser to steal users' login credentials.
Recently, Sophos security experts discovered that the Qilin ransomware is exploiting a critical security vulnerability in the Google Chrome browser to directly steal users' login credentials, posing a significant threat to data security. This allows hackers to easily infiltrate other systems and cause serious damage.
.jpg)
In a large-scale ransomware attack, the Qilin cybercrime gang infiltrated the systems of Synnovis, a provider of outsourced laboratory services to the National Health Service (NHS) in London, UK, on June 3, 2024, stealing a large amount of sensitive patient data, including test results, medical history, and personal information.
They threatened to publicly release all this information unless they received a $50 million ransom. After unsuccessful negotiations, the Qilin gang publicly disclosed all the stolen data.
The Qilin ransomware gang is notorious for its extremely vicious "double extortion" tactic. They not only encrypt victims' data but also steal and threaten to publicly release sensitive information, forcing victims to pay a huge ransom. Cybersecurity company Sophos calls this the "Turning the Screws" tactic, emphasizing the increasing pressure on victims until they surrender.
This discovery exposed a new and extremely dangerous tactic employed by Qilin: directly attacking the login credentials of millions of Google Chrome users. With over 65% market share, Google Chrome has become a lucrative target for attackers, opening a backdoor for them to infiltrate every aspect of victims' digital lives, from bank accounts and emails to even critical business systems.
The successful intrusion of the Qilin ransomware group into a target's domain controller in July 2024 exposed a critical vulnerability in the cybersecurity systems of many organizations. A compromised domain controller, the heart of the network, leaves the entire system vulnerable, leading to devastating consequences such as data loss, operational disruption, and reputational damage.
A deeper investigation into the Qilin group's activities revealed a sophisticated attack scenario: the attackers infiltrated the target system by purchasing virtual private network (VPN) login credentials from a broker on the dark web. They then patiently "hibernated" within the system for 18 days, silently observing, mapping the network, and selecting the most precise attack target.
This attack campaign was even more sophisticated as the attackers used a malicious tool specifically designed to steal login credentials from Google Chrome. After successfully infiltrating the system, the ransomware group quickly spread throughout the system, turning the victim's entire network into a "factory" producing numerous copies of itself.
When such an incident occurs, security experts not only face the challenge of changing all passwords but also have to convince millions of users to change passwords for countless different online accounts. This is a difficult problem, because changing passwords for each account is a time-consuming and cumbersome process, and many users will neglect or forget to do so.
Since its emergence in October 2022, the Qilin ransomware has inflicted significant damage on numerous organizations globally. With its rapid spread and effective data encryption capabilities, Qilin has forced many businesses to cease operations, causing substantial financial losses and leaking sensitive customer information.
The emergence of the Qilin ransomware group has sounded the alarm about the increasingly serious state of cybersecurity. To counter these ever-evolving threats, organizations need to be more proactive in protecting their systems. Implementing multi-factor authentication, using robust endpoint security solutions, and regularly updating security are essential measures to prevent ransomware attacks.


