VoidStealer debugger-based ABE-bypass infostealer
Malware Activity
Summary
Hide ▲
Show ▼
VoidStealer now uses a debugger-based ABE bypass to steal Chrome master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can extract the v20_master_key directly from browser memory without privilege escalation or code injection. The technique also targets msedge.dll, extending the abuse path to Chromium-based browsers. The malware has been advertised as MaaS since at least mid-December 2025 and added the bypass in version 2.0.
Related Happenings
Silent Swap browser-extension clipboard clipper
Malware Activity
H score36
First: 30.06.2026 18:40
Last: 30.06.2026 18:40
Sources 1
About this happening:
The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Silent Swap browser-extension clipboard clipper
Malware ActivityAbout this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
FROST browser SSD timing side channel via OPFS
Technical Analysis
H score16
First: 09.06.2026 12:50
Last: 09.06.2026 12:50
Sources 1
About this happening:
**FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...
FROST browser SSD timing side channel via OPFS
Technical AnalysisAbout this happening: **FROST** turns **browser storage timing** into a **remote SSD side channel** that can identify which **sites** a user visits and which **apps** they open. The technique runs insi...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
H score11
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/ServiceAbout this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Torg Grabber browser-extension theft activity
Malware Activity
H score36
First: 25.03.2026 20:32
Last: 25.03.2026 20:32
Sources 1
About this happening:
The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Torg Grabber browser-extension theft activity
Malware ActivityAbout this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
ShieldGuard browser-extension data-harvesting malware
Malware Activity
H score29
First: 18.03.2026 16:15
Last: 18.03.2026 16:15
Sources 1
About this happening:
A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...
ShieldGuard browser-extension data-harvesting malware
Malware ActivityAbout this happening: A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...
Timeline
-
22.03.2026 16:32 2 articles · 3mo ago
VoidStealer debugger-based Chrome ABE bypass disclosed
Initial DisclosureGen Digital reported that VoidStealer, a malware-as-a-service infostealer advertised on dark web forums since at least mid-December 2025, uses a debugger-based Application-Bound Encryption bypass with hardware breakpoints to extract the v20_master_key from Chrome browser memory without privilege escalation or code injection. The technique targets chrome.dll or msedge.dll and was introduced in VoidStealer version 2.0.
Show sources
- VoidStealer malware steals Chrome master key via debugger trick — www.bleepingcomputer.com — 22.03.2026 16:32
- VoidStealer malware steals Chrome master key via debugger trick — www.bleepingcomputer.com — 22.03.2026 16:32