Malware | Apr 2, 2026

Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts

Storm infostealer sold as subscription service bypasses Chrome encryption, targets browsers and crypto wallets.

Summary

Varonis Threat Labs discovered Storm infostealer, a malicious subscription service priced from $300 to $1,800 that harvests browser credentials, session cookies, and cryptocurrency wallet data, using server-side decryption to evade detection. The tool bypasses Google Chrome's App-Bound Encryption (introduced in Chrome 127) and targets Chromium-based and Gecko-based browsers, including Edge and Firefox. With 1,715+ documented victims in India, Brazil, the US, and the UK, Storm also targets Telegram, Signal, Discord, and crypto exchanges like Binance and Coinbase, and it makes MFA ineffective by hijacking active sessions.

Full text

By Deeba Ahmed, April 2, 2026. 2 minute read.

New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption. Learn how this tool uses server-side decryption and cookie theft to target crypto wallets and private accounts without triggering security alarms.

A new threat dubbed Storm infostealer is finding ways to break into our web browsers. Discovered by Varonis Threat Labs in early 2026, Storm is a malicious program that, upon infection, harvests victims’ browser credentials, session cookies, crypto wallets, and related data, among other information. The collected information is then sent to a private server owned by the attackers.

According to the researchers, Storm infostealer uses a technique called server-side decryption for this purpose, which also makes it difficult for antivirus software to detect, since no telemetry data is left behind.

This is a direct response to App-Bound Encryption, a security shield Google introduced in Chrome 127 back in July 2024. While that update was meant to tie encryption keys directly to the browser to prevent data theft, Storm infostealer is able to bypass this obstacle. Besides Google Chrome, it can also extract data from other Chromium-based and Gecko-based browsers, including Microsoft Edge, Firefox, and Waterfox.

As Varonis researchers noted, the tool has a very broad range of target browsers. No wonder it has been “productised and sold as a subscription feature,” with prices starting at $300 for a seven-day demo and climbing to $1,800 for professional criminal teams.

[Image: Storm Stealer’s forum listing (Source: Varonis)]

What’s worse, Storm infostealer can hijack sessions: if a hacker has your session cookie, your Multi-Factor Authentication (MFA) becomes completely irrelevant because they are already “in.” Varonis found that the tool is already being used in the wild, with a logs panel showing 1,715 entries from victims in the following countries:

  • India
  • Brazil
  • United States
  • United Kingdom

However, the threat doesn’t end there. Storm infostealer also targets Telegram, Signal, and Discord accounts, while simultaneously hunting for crypto wallets on platforms like Binance and Coinbase. It can even take screenshots across multiple monitors to see exactly what you’re working on.

[Image: Build configuration of Storm infostealer (Source: Varonis)]

To protect your devices and data from Storm infostealer, keep in mind that hackers rely on sessions staying active for long periods; manually logging out of sensitive banking or crypto accounts when you are finished, rather than just closing the tab, is therefore important. As Varonis threat experts warn in the report, these stolen sessions are usually just “the start of what comes next,” leading to total account takeovers that ignore even the strongest passwords.
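Why logging out matters while closing the tab does not, shown as an added example (not from the article or the Varonis report): a toy server-side session store in Python. The class, its timeout values and the user name are constructed for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side session table (constructed for this example)."""

    def __init__(self, idle_timeout=900, max_age=3600):
        self.idle_timeout, self.max_age = idle_timeout, max_age
        self.sessions = {}  # cookie value -> {"user", "created", "last_seen"}

    def login(self, user, password_ok, mfa_ok, now):
        # Password and MFA are checked exactly once, here.
        if not (password_ok and mfa_ok):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = {"user": user, "created": now, "last_seen": now}
        return cookie

    def request(self, cookie, now):
        # Later requests are authorised by the cookie alone: no MFA prompt.
        s = self.sessions.get(cookie)
        if s is None:
            return None
        idle, age = now - s["last_seen"], now - s["created"]
        if idle > self.idle_timeout or age > self.max_age:
            del self.sessions[cookie]  # expired: revoke server-side
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, cookie):
        self.sessions.pop(cookie, None)  # explicit server-side revocation

def demo():
    store, out = SessionStore(), {}
    cookie = store.login("alice", True, True, now=0)
    copied = cookie  # stands in for a cookie value copied off the device
    # Closing the tab sends nothing to the server, so the copy still works.
    out["after_tab_close"] = store.request(copied, now=600)
    store.logout(cookie)
    out["after_logout"] = store.request(copied, now=610)
    # Idle timeout is a sliding window: regular use keeps a session alive,
    # so only the absolute max_age bounds a session that is never logged out.
    warm = store.login("alice", True, True, now=10_000)
    for t in range(10_600, 13_601, 600):
        out["kept_warm"] = store.request(warm, now=t)
    out["past_max_age"] = store.request(warm, now=14_200)
    return out

if __name__ == "__main__":
    print(demo())
```

For service operators, the same model shows that an idle timeout alone does not bound a session that stays in use; an absolute lifetime or explicit revocation is what ends it.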

Indicators of Compromise

  • malware — Storm infostealer

Entities

  • Varonis (vendor)
  • Google Chrome (product)
  • Microsoft Edge (product)
  • Firefox (product)
  • App-Bound Encryption (technology)