Infosecurity Magazine
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
ATT&CK techniques detected
T1555.003 Credentials from Web Browsers
100%
“New 'Storm' Infostealer Remotely Decrypts Stolen Credentials. Security researchers at Varonis have uncovered a new information stealer malware (infostealer) strain that harvests browser credentials, session cookies and crypto wallets before quietly sending everything to the at…”
T1555.003 Credentials from Web Browsers
99%
“into Chrome or abusing its debugging protocol, but those still left traces that security tools could pick up.” Enter Storm, which ships encrypted files to their own infrastructure instead of decrypting them locally. Kelley also noted that Storm takes this approach further by “h…”
T1657 Financial Theft
35%
“from Telegram, Signal and Discord and targets crypto wallets through both browser extensions and desktop apps. “Everything runs in memory to reduce the chance of detection,” Kelley explained. While most stealers require buyers to manually replay stolen logs in their operator'…”
Summary
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls.