Security Researchers Uncover 'Storm' Infostealer's Remote Credential Decryption
Security researchers at Varonis have identified a new strain of malware known as 'Storm' that targets browser credentials, session cookies, and crypto wallets. This infostealer emerged on cybercrime networks in early 2026 and represents a significant shift in credential theft tactics. Unlike traditional methods that decrypt data locally, Storm sends encrypted files to the attacker's server for decryption. This approach circumvents security measures introduced by Google in Chrome 127, which made local decryption more challenging. Storm handles data from both Chromium and Gecko-based browsers server-side, enhancing its stealth capabilities. The malware automates the retrieval of stolen logs, allowing attackers to restore hijacked sessions remotely without triggering alerts. It targets high-value platforms such as Google, Facebook, and major cryptocurrency services, with compromised data often traded on credential marketplaces.
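Because the encrypted stores are sent off the host for decryption, one endpoint signal that remains is a non-browser process reading browser credential and cookie files. The sketch below is an added example, not Varonis's detection logic or anything from the original report. It assumes file-read telemetry is available as (pid, image, path) tuples. The store file names, the allowlist, the threshold and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed watch list: on-disk credential and cookie store names used by
# Chromium- and Gecko-based browsers (not listed in the article).
STORES = {
    "login data": "chromium", "cookies": "chromium",
    "local state": "chromium", "web data": "chromium",
    "logins.json": "gecko", "key4.db": "gecko", "cookies.sqlite": "gecko",
}
# Assumed allowlist, keyed on full image path so a look-alike file name in a
# user-writable directory does not pass as the browser.
BROWSER_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}
CHROME = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
FIREFOX = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default"
REAL = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
FAKE = r"C:\Users\alice\AppData\Local\Temp\chrome.exe"   # look-alike name
BACKUP = r"C:\Program Files\Backup\agent.exe"
# Constructed file-read telemetry: (pid, process image, file path).
EVENTS = [
    (4120, REAL, CHROME + r"\Default\Login Data"),
    (4120, REAL, CHROME + r"\Local State"),
    (7788, FAKE, CHROME + r"\Local State"),
    (7788, FAKE, CHROME + r"\Default\Network\Cookies"),
    (7788, FAKE, FIREFOX + r"\key4.db"),
    (7788, FAKE, FIREFOX + r"\logins.json"),
    (5012, BACKUP, CHROME + r"\Default\Network\Cookies"),
]

def find_store_harvesting(events, min_files=2):
    """Map (pid, image) -> {family: [files]} for non-browser processes that
    read at least min_files distinct browser store files."""
    seen = {}
    for pid, image, path in events:
        name = ntpath.basename(path)
        fam = STORES.get(name.lower())
        if fam is None or image.lower() in BROWSER_IMAGES:
            continue
        seen.setdefault((pid, image.lower()), {}).setdefault(fam, set()).add(name)
    return {
        proc: {fam: sorted(names) for fam, names in fams.items()}
        for proc, fams in seen.items()
        if sum(len(names) for names in fams.values()) >= min_files
    }

if __name__ == "__main__":
    for proc, fams in find_store_harvesting(EVENTS).items():
        print(proc, fams)
```

A process that touches both the Chromium and the Gecko stores is the stronger lead; the single-file read by the backup agent stays below the threshold and is not reported.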