Google Chrome AES-256 Password Encryption Proves No Match For Crafty Malware Devs

Google Chrome
Google began rolling out version 80 of its Chrome browser to the public at large in early February, with the most publicized feature being a new cookie classification system designed to give users more control over cookie controls. While cookie handling dominated the headlines, Chrome 80 also added stronger encryption, though perhaps not strong enough.

Starting with Chrome 80, the browser encrypts local passwords and cookies in Windows using AES-256 encryption. Prior to Chrome 80, the browser leveraged the data protection API (DPAPI) built into the OS to handle encryption chores. And it still does, but AES-256 acts as another layer of protection for added security.

This was thought to thwart AZORult, which first appeared in 2016 and was one of the top 10 active malware strains in 2019. Its author actually abandoned the malware in 2018, but others have picked it up and kept it active. Unfortunately, one of the newer builds that has manifested claims to support Chrome 80, meaning it is capable of breaking Google's tightened controls.

AZORult is not the only bit of malware to defeat Chrome 80's enhanced encryption scheme. The folks at BleepingComputer gave a rundown of several malware types and campaigns that have done the same thing. According to the site, malware makers have been scrambling to update their tools to continue stealing data from Chrome users, even if they are running the latest build.

"While Chrome adding AES encryption for cookies and passwords created ripples in the malware world, the disturbance was short-lasting for most malicious tools," the site noted.

It took just days for updated malware tools to appear with claimed support for Chrome 80. One of them is called Raccoon, and the newest release is apparently capable of nabbing data from nearly 60 apps, including all popular web browsers, Chrome 80 included.

Perhaps malware authors are seeing the added security as a challenge, because it's not just old tools getting makeovers. Brand new info-stealing software has emerged, with their authors claiming out-of-the-box support for Chrome 80.

What can you do? Well, common sense computing habits are still your best bet. Things like never clicking on unsolicited links or downloading unexpected attachments in emails, typing URLs directly into your browser, and being vigilant against phishing schemes.