Storm Infostealer Targets Google Chrome Encryption as Malware-as-a-Service

Varonis Threat Labs identified Storm Infostealer, a malware-as-a-service (MaaS) operation targeting Google Chrome encryption to extract sensitive data. The infostealer is sold as a subscription-based tool, enabling threat actors to steal credentials, browser data, cryptocurrency wallets, and account information. Storm operates by bypassing Chrome's built-in security mechanisms, though specific technical methods or encryption flaws were not detailed. The malware's primary impact includes unauthorized access to financial accounts, personal data exfiltration, and potential follow-on attacks leveraging stolen credentials. No specific dates, victim counts, or CVE identifiers were mentioned in the report.