Warning: Dangerous malware is attacking users' web browsers.

Researchers from the US security company Varonis have just published a remarkable discovery: a new type of malware capable of stealing information can collect a wide range of important data from users' web browsers, including accounts, passwords, session cookies, and even cryptocurrency wallets.

Information-stealing malware is not a new concept; this type of malicious software has been around since the mid-2000s. However, the new variant called Storm shows a significant increase in sophistication, particularly in its ability to bypass modern security mechanisms.

How Storm malware works: It does not decrypt on the victim's machine.

Typically, malware that steals information runs directly on the victim's machine. It exploits local databases (such as SQLite) to extract login credentials stored in the browser.

However, things started to change when Google introduced App-Bound Encryption in Google Chrome version 127 (July 2024). This mechanism ties the encryption key to the browser application itself, making it more difficult to decrypt data directly on the device.

To bypass this protection, Storm employs a completely different tactic: instead of decrypting data on the victim's device, the malware collects the encrypted data and sends it to the attacker's server.

Here, the entire decryption and analysis process takes place remotely. This helps Storm avoid detection by many endpoint security tools, which typically only monitor decryption activities locally.

What kind of data could be stolen?

Storm is capable of collecting almost all of a user's "digital footprint," including:

- Saved account and password.

- Login session cookie.

- Autofill data.

- Google account token.

- Credit card information.

- Browsing history.

- Data from user and application folders.

- Cryptocurrency wallet.

More concerningly, hijacking session cookies allows attackers to log into accounts without needing a password or two-factor authentication (2FA).

Bypass security tools through remote processing.

One of Storm's most dangerous aspects is its ability to "hide." Because the data is decrypted on servers controlled by the hackers, security tools on the user's computer are almost incapable of detecting suspicious activity.

Furthermore, Storm supports a wide range of browsers, from Chromium-based to Firefox. This significantly expands the scope of the attack.

Furthermore, the malware automatically records events, activities, or data occurring in the system after decryption, making it easy for hackers to access and reuse stolen login sessions.

According to Varonis, Storm is being sold for under $1,000 per month, a relatively low cost that makes it an accessible tool for many cyberattack groups.

In fact, this malware has been detected in numerous campaigns targeting financial accounts, social media, and cryptocurrencies in many countries, including the United States.

What can users do to protect themselves?

Given the increasingly sophisticated threats, individual users should not be complacent. Some basic but effective measures include:

- Regularly delete your browser cookies or set them to delete automatically.

Avoid accessing websites of unknown origin.

- Do not download software from unreliable sources.

- Use a password manager.

- Always keep your operating system and security software updated.

- Perform regular virus scans.

With hackers increasingly leveraging artificial intelligence to develop malware, the line between safety and risk is becoming increasingly blurred. Proactively protecting personal data is therefore more important than ever.

Storm clearly demonstrates that cyber threats are evolving far faster than most users realize. And in this race, vigilance is the first and most important "shield."