VoidStealer debugger-based ABE-bypass infostealer
Malware Activity
Summary
VoidStealer now uses a debugger-based Application-Bound Encryption (ABE) bypass to steal Chrome master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can extract the v20_master_key directly from browser memory without privilege escalation or code injection. The technique also targets msedge.dll, extending the abuse path to Chromium-based browsers. The malware has been advertised as malware-as-a-service (MaaS) since at least mid-December 2025 and added the bypass in version 2.0.
Related Happenings
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Torg Grabber browser-extension theft activity
Malware Activity
First: 25.03.2026 20:32
Last: 25.03.2026 20:32
Sources 1
About this happening:
The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
ShieldGuard browser-extension data-harvesting malware
Malware Activity
First: 18.03.2026 16:15
Last: 18.03.2026 16:15
Sources 1
About this happening:
A malicious **ShieldGuard** browser extension was dismantled after it was found harvesting sensitive data from **crypto users**, putting wallet and account information at risk. Th...
MacSync macOS infostealer with dynamic AppleScript and in-memory execution
Malware Activity
First: 16.03.2026 13:41
Last: 16.03.2026 13:41
Sources 1
About this happening:
The **MacSync** macOS infostealer now uses **dynamic AppleScript payloads** and **in-memory execution** to reduce static detection and complicate response. It is being delivered t...
Latest development: 10.05.2026 20:52
A MacSync macOS infostealer campaign is abusing Google Ads and legitimate Claude.ai shared chats to lure users searching for "Claude mac download" into following Terminal instructions that download and run malware on their Mac. One observed variant uses polymorphic delivery, checks for Russian or CIS-region keyboard input sources and sends a cis_blocked ping before exiting, then profiles the victim with external IP address, hostname, OS version, and keyboard locale before using osascript to run a second-stage payload; another variant skips profiling and exfiltrates browser credentials, cookies, and macOS Keychain contents.
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
Vulnerability
First: 13.03.2026 11:17
Last: 13.03.2026 11:17
Sources 1
About this happening:
**Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
Timeline
22.03.2026 16:32 2 articles · 2mo ago
VoidStealer debugger-based Chrome ABE bypass disclosed
Initial Disclosure
Gen Digital reported that VoidStealer, a malware-as-a-service infostealer advertised on dark web forums since at least mid-December 2025, uses a debugger-based Application-Bound Encryption bypass with hardware breakpoints to extract the v20_master_key from Chrome browser memory without privilege escalation or code injection. The technique targets chrome.dll or msedge.dll and was introduced in VoidStealer version 2.0.
Sources
- VoidStealer malware steals Chrome master key via debugger trick — www.bleepingcomputer.com — 22.03.2026 16:32