Chrome encryption bypass discovered: New malware steals passwords and cookies
Briefly

"The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods."
"An ABE bypass revolves around a critical piece of material, the 'v20_master-key,' which unlocks stored browser secrets, including cookies, passwords, and tokens."
"In theory, ABE keeps this key tightly guarded, ensuring it's never exposed in a way that malware can easily access it."
"Earlier bypass techniques found ways to go after decryption, some relying on process injection that involved slipping malicious code into Chrome."
VoidStealer uses a low-noise bypass of Chrome's App-Bound Encryption (ABE) that requires neither privilege escalation nor code injection, making it stealthier than other ABE bypass methods. The bypass targets the 'v20_master-key,' which unlocks stored browser secrets such as cookies and passwords. Although ABE is designed to protect this key, the key must exist in plaintext at runtime for Chrome to function. Previous bypass techniques included process injection, memory dumping, and exploiting Chrome's elevation service to access decrypted data.
Read at Computerworld