Chrome’s cookie encryption has been broken by the new Glove infostealer malware.

The new Glove Stealer malware can collect browser cookies by getting past Google Chrome’s Application-Bound (App-Bound) encryption. This information-stealing virus is “very simple and contains limited obfuscation or protective features,” suggesting that it is most likely still in its early stages of development, according to Gen Digital security researchers who first discovered it when looking into a recent phishing attempt.
During their attacks, the threat actors used social engineering tactics similar to those used in the ClickFix infection chain, where potential victims get tricked into installing malware using fake error windows displayed within HTML files attached to the phishing emails.

Glove Stealer, which is written in .NET, can extract and exfiltrate cookies from Firefox and Chromium-based browsers (such as Chrome, Edge, Brave, Yandex, and Opera).
Additionally, it can collect password information from Bitwarden, LastPass, and KeePass, cryptocurrency wallets from browser extensions, 2FA session tokens from Google, Microsoft, Aegis, and LastPass authenticator apps, and emails from mail programs like Thunderbird.
“Other than stealing private data from browsers, it also tries to exfiltrate sensitive information from a list of 280 browser extensions and more than 80 locally installed applications,” said malware researcher Jan Rubín.
“These extensions and applications typically involve cryptocurrency wallets, 2FA authenticators, password managers, email clients and others.”
To steal credentials from Chromium web browsers, Glove Stealer bypasses Google’s App-Bound encryption cookie-theft safeguards, which were introduced in Chrome 127 in July. It does this with a supporting module that decrypts and recovers App-Bound encrypted keys using Chrome’s own COM-based IElevator Windows service (running with SYSTEM privileges), as outlined by security researcher Alexander Hagenah last month.
The malware must first obtain local administrator privileges on the infected system, because it has to install this module in Google Chrome’s Program Files directory before it can use it to recover the encrypted keys.
However, although the bypass looks impressive, it still points to Glove Stealer being in its early stages of development: as researcher g0njxa told BleepingComputer in October, it is a simple technique that most other information stealers already use to collect cookies from all Google Chrome versions.
Russian Panda, a malware analyst, previously told BleepingComputer that Hagenah’s technique resembles early workarounds used by other viruses following Google’s introduction of Chrome App-Bound encryption.
Google told BleepingComputer last month that “this code [xaitax’s] requires admin credentials, which shows that we have successfully upped the degree of access required to properly pull off this type of assault.” Unfortunately, the number of active information-stealing malware campaigns has not decreased significantly despite the requirement for administrator access to circumvent App-Bound encryption.
Attacks have only increased since July when Google first implemented App-Bound encryption, targeting potential victims via vulnerable drivers, zero-day vulnerabilities, malvertising, spearphishing, StackOverflow answers, and fake fixes to GitHub issues.
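Because the bypass described above depends on writing a supporting module into Chrome’s Program Files directory, that file write is a detection opportunity. The following is an added example, not code from Gen Digital or from the article: it assumes Sysmon FileCreate (Event ID 11) records already parsed into dictionaries, default Chrome install paths, and a writer allowlist that must be tuned per environment; all file names in the sample events are placeholders.

```python
import ntpath

# Assumption: default Chrome install roots; adjust for your fleet.
CHROME_APP_DIRS = (
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)
# Assumption: where legitimate writers (Chrome, its installer, Google's updater)
# live. Verifying the writer's code signature is stronger than a path allowlist.
TRUSTED_WRITER_DIRS = CHROME_APP_DIRS + (
    r"c:\program files (x86)\google\update",
    r"c:\program files (x86)\google\googleupdater",
)
EXECUTABLE_EXTS = {".exe", ".dll"}

def norm(path):
    """Collapse '..', unify slashes and case so prefix checks cannot be dodged."""
    return ntpath.normpath(path).lower()

def is_under(path, roots):
    # The trailing separator keeps 'Application_backup' from matching 'Application'.
    return any(path.startswith(root + "\\") for root in roots)

def find_suspicious_drops(events):
    """Flag executables created in Chrome's directory by an untrusted process."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 11:  # Sysmon FileCreate only
            continue
        target, writer = norm(ev["TargetFilename"]), norm(ev["Image"])
        if ntpath.splitext(target)[1] not in EXECUTABLE_EXTS:
            continue
        if is_under(target, CHROME_APP_DIRS) and not is_under(writer, TRUSTED_WRITER_DIRS):
            findings.append({"writer": writer, "target": target})
    return findings

# Constructed sample events; names and version numbers are placeholders.
TEMP = r"C:\Users\alice\AppData\Local\Temp\placeholder_loader.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files (x86)\Google\GoogleUpdater\placeholder\updater.exe",
     "TargetFilename": r"C:\Program Files\Google\Chrome\Application\127.0.0.0\chrome.dll"},
    {"EventID": 11, "Image": TEMP,
     "TargetFilename": r"C:\Program Files\Google\Chrome\Application\placeholder_module.exe"},
    {"EventID": 11, "Image": TEMP,
     "TargetFilename": r"C:\Program Files\Google\Chrome\Application_backup\placeholder_module.exe"},
    {"EventID": 11, "Image": TEMP,
     "TargetFilename": "C:/Program Files/Google/Chrome/Application/127.0.0.0/../helper.DLL"},
    {"EventID": 1, "Image": TEMP},
]
```

On the sample data the function flags the second and fourth events: the direct drop into the Application directory and the one whose path uses forward slashes and a `..` segment.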
