Find notable cyber news and cases, enriched with sources, timelines, and signals.

VoidStealer debugger-based ABE-bypass infostealer

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

VoidStealer now uses a debugger-based ABE bypass to steal Chrome master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can extract the v20_master_key directly from browser memory without privilege escalation or code injection. The technique also targets msedge.dll, extending the abuse path to Chromium-based browsers. The malware has been advertised as MaaS since at least mid-December 2025 and added the bypass in version 2.0.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

FROST browser SSD timing side channel via OPFS

Technical Analysis
H score16 First: 09.06.2026 12:50 Last: 09.06.2026 12:50 Sources 1

About this happening: **FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
H score11 First: 09.04.2026 21:33 Last: 09.04.2026 21:33 Sources 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

Torg Grabber browser-extension theft activity

Malware Activity
H score36 First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

ShieldGuard browser-extension data-harvesting malware

Malware Activity
H score29 First: 18.03.2026 16:15 Last: 18.03.2026 16:15 Sources 1

About this happening: A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...

Timeline

  1. 22.03.2026 16:32 2 articles · 3mo ago

    VoidStealer debugger-based Chrome ABE bypass disclosed

    Initial Disclosure

    Gen Digital reported that VoidStealer, a malware-as-a-service infostealer advertised on dark web forums since at least mid-December 2025, uses a debugger-based Application-Bound Encryption bypass with hardware breakpoints to extract the v20_master_key from Chrome browser memory without privilege escalation or code injection. The technique targets chrome.dll or msedge.dll and was introduced in VoidStealer version 2.0.

    Show sources