Storm Infostealer Hijacks Sessions, Bypasses MFA

The new ‘Storm’ infostealer hijacks sessions by bypassing local decryption, opting instead to send browser data directly to attacker-controlled servers. This method enables server-side decryption, effectively allowing hackers to intercept and hijack user sessions without needing to crack passwords or bypass multi-factor authentication. Cybersecurity firm Varonis highlights the risk posed by such tactics, which exploit vulnerabilities in web session handling. By avoiding the need for local decryption, ‘Storm’ sidesteps traditional security measures, making it a significant threat to individuals and organizations alike.

The innovative method employed by the ‘Storm’ infostealer represents a concerning evolution in cyber threats. With the ability to bypass established security protocols like MFA, this tool could redefine how cybercriminals target information systems. As security experts study its behavior, users are advised to remain vigilant and ensure their browsers and security software are up to date. Read the full details in the official article.

https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/