Hudson Rock has uncovered Logins(.)zip, a new and highly effective infostealer that exploits Chromium vulnerabilities to rapidly extract up to 99% of saved credentials and cookies. This sophisticated tool outperforms legacy stealers with its evasion, reliability, and broad target support.
Key points
- Logins(.)zip is a web-based infostealer built for stealth and speed, targeting multiple browsers including Chrome, Brave, and Edge.
- It exploits undisclosed Chromium security flaws to harvest credentials without requiring admin privileges.
- The malware offers modules for harvesting Discord tokens, Roblox cookies, credit cards, and crypto wallets.
- It incorporates anti-sandbox, anti-debugging, and EDR-evasive techniques like direct syscalls and runtime resolution.
- Effective defenses include browser hardening, endpoint monitoring, and an intelligence-led response to detect and mitigate infections.
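For the endpoint-monitoring point above, here is an added example (not from Hudson Rock's report) of a generic hunting heuristic: flag any process other than the installed browser that touches the on-disk credential stores of Chrome, Brave, or Edge. It assumes the collection shows up as file access to the default Windows profile paths, which the summary does not confirm for this stealer. The event field names and sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Default Windows vendor directory and executable for the browsers named above.
BROWSERS = {
    "chrome": (r"\google\chrome", "chrome.exe"),
    "brave": (r"\bravesoftware\brave-browser", "brave.exe"),
    "edge": (r"\microsoft\edge", "msedge.exe"),
}
# Saved logins, cookies, payment data (Web Data) and the wrapped encryption key.
STORES = {"login data", "cookies", "web data", "local state"}

def classify(image, target):
    """Return (browser, store) when a non-browser image touches a credential store."""
    image, target = image.lower(), target.lower()
    store = ntpath.basename(target)
    if store not in STORES:
        return None
    for browser, (vendor, exe) in BROWSERS.items():
        if vendor + "\\user data\\" in target:
            # Only the real install path is exempt; chrome.exe in Temp is still flagged.
            legit = image.endswith(vendor + "\\application\\" + exe)
            return None if legit else (browser, store)
    return None

def hunt(events):
    """Group hits per (host, image); touching several browsers raises severity."""
    hits = defaultdict(set)
    for ev in events:
        hit = classify(ev["image"], ev["target"])
        if hit:
            hits[(ev["host"], ev["image"])].add(hit)
    return {
        key: {"stores": sorted(found),
              "severity": "high" if len({b for b, _ in found}) > 1 else "medium"}
        for key, found in hits.items()
    }

# Constructed sample events; field names are hypothetical, not a real log schema.
U = r"C:\Users\alice\AppData\Local"
SAMPLE_EVENTS = [
    {"host": "ws1", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": U + r"\Google\Chrome\User Data\Default\Login Data"},
    {"host": "ws1", "image": U + r"\Temp\chrome.exe",
     "target": U + r"\Google\Chrome\User Data\Default\Network\Cookies"},
    {"host": "ws1", "image": U + r"\Temp\chrome.exe",
     "target": U + r"\Microsoft\Edge\User Data\Local State"},
    {"host": "ws2", "image": r"C:\Tools\backup.exe",
     "target": U + r"\BraveSoftware\Brave-Browser\User Data\Default\Login Data"},
]
```

Calling `hunt(SAMPLE_EVENTS)` returns one entry per flagged process. Legitimate tools such as backup agents will also match, so hits need triage rather than automatic blocking.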