SECURITYMALWAREBYTES LABS
Malware steals Chrome session cookies to take over your accounts
A phishing email with a malicious JavaScript file disguised as a PDF installs a Chrome extension that steals session cookies and uses Chrome Native Messaging to execute PowerShell commands. The malware bypasses multi-factor authentication by hijacking active browser sessions and collects data like open tabs and system files.
Mentioned
Related Signal
Adjacent reporting
- Google Chrome adds session cookie theft protection for all users
- Google Chrome adds infostealer protection against session cookie theft
- ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
- WhatsApp phishing attack uses fake business docs to hack PCs
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts