Published on March 10th, 2020 📆 | 7246 Views ⚑
0Google Chrome AES-256 Password Encryption Proves No Match For Crafty Malware Devs
AZORult is not the only bit of malware to defeat Chrome 80's enhanced encryption scheme. The folks at BleepingComputer gave a rundown of several malware types and campaigns that have done the same thing. According to the site, malware makers have been scrambling to update their tools to continue stealing data from Chrome users, even if they are running the latest build.
"While Chrome adding AES encryption for cookies and passwords created ripples in the malware world, the disturbance was short-lasting for most malicious tools," the site noted.
It took just days for updated malware tools to appear with claimed support for Chrome 80. One of them is called Raccoon, and the newest release is apparently capable of nabbing data from nearly 60 apps, including all popular web browsers, Chrome 80 included.
Perhaps malware authors are seeing the added security as a challenge, because it's not just old tools getting makeovers. Brand new info-stealing software has emerged, with their authors claiming out-of-the-box support for Chrome 80.
What can you do? Well, common sense computing habits are still your best bet. Things like never clicking on unsolicited links or downloading unexpected attachments in emails, typing URLs directly into your browser, and being vigilant against phishing schemes.
Gloss