Encircle News!

Retro Game Arcade
, , ,

Watch out — Google Chrome details can be stolen by this clever new ransomware

TechRadar – All the latest technology news

The Qilin ransomware variant has been spotted successfully exfiltrating sensitive data stored in the Google Chrome browser.

In its writeup, researchers from Sophos revealed how a criminal group used previously compromised credentials to enter the IT infrastructure of an unnamed organization. The credentials were for a Virtual Private Network (VPN) portal, which lacked multi-factor authentication (MFA), and as such was relatively easy to access.

It is unknown if the initial breach was made by an Initial Access Broker (IAB) and then handed over to the ransomware operators, or if it was all done by a single organization.

En masse credential theft

In any case, the group dwelled for more than two weeks (18 days) before moving laterally to a domain controller using the compromised credentials. While the crooks were spotted on a single domain controller within their target’s Active Directory domain, other domain controllers in that AD domain were infected, the researchers concluded. They were, however, affected differently.

Qilin is a classic ransomware operation that engages in the usual double-extortion attack – it first steals as much information as possible, before encrypting the compromised device and asking for payment in exchange for the decryption key. However, what makes this operation relatively unique, the researchers claim, is the way it targets Google Chrome.

“During a recent investigation of a Qilin ransomware breach, the Sophos X-Ops team identified attacker activity leading to en masse theft of credentials stored in Google Chrome browsers on a subset of the network’s endpoints – a credential-harvesting technique with potential implications far beyond the original victim’s organization,” the researchers explained. “This is an unusual tactic, and one that could be a bonus multiplier for the chaos already inherent in ransomware situations.”

In other words, Qilin would harvest the credentials saved in Chrome browsers on machines connected to the same network as the initially compromised one.

Cybercriminals continue to evolve their tactics, Sophos concluded, stressing that organizations need to rely on password managers more, and make sure to enable MFA wherever possible, to minimize the chances of falling prey.

More from TechRadar Pro

https://www.techradar.com/pro/security/google-chrome-details-can-be-stolen-by-this-clever-new-ransomware

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics This Week in Tech (Audio)

Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win – Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit – use code: TWIT 1password.com/twit e-e.com/twit
  1. TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics
  2. TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing
  3. TWiT 991: This Show Is Securities Fraud – Intel Layoffs, KOSA, Don Lemon
  4. TWiT 990: Dogecoin Fort Knox – AI Cheese, SearchGPT, "Free" Facebook
  5. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Streaming the Olympics