Hackers Steal Sessions, Bypass All Logins
8 Apr
Summary
- Storm malware steals session cookies, bypassing passwords and MFA.
- Data is processed server-side, evading endpoint security detection.
- Malware sold as a subscription service, lowering cybercrime entry barriers.

A new infostealer, identified as Storm, has emerged, fundamentally changing account compromise tactics. It targets session cookies, which lets attackers bypass passwords and even multi-factor authentication and hijack legitimate user sessions remotely. Storm processes the stolen data server-side: encrypted browser data, including credentials and session tokens from both Chromium- and Gecko-based browsers, is handled on a server rather than decrypted on the victim's machine. Avoiding local decryption of sensitive information reduces what endpoint security solutions can see.
The stolen session data, combined with location-matching proxy servers, allows attackers to log in undetected. Storm is notably offered as a subscription service, with pricing tiers ranging from a $300 seven-day demo to $1,800-per-month team licenses. This accessibility lowers the entry barrier for cybercrime. Previously deployed malware continues to operate even after subscription expiry, facilitating ongoing data collection and exploitation. The malware has been observed targeting accounts from major platforms like Google and Facebook, as well as cryptocurrency exchanges such as Coinbase and Binance, indicating a broad campaign scope.
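An added example, not from the article or any vendor: because location-matching proxies defeat geography-based login checks, a defender can instead compare each request's network and client attributes with those recorded when the session was first seen. The event fields, the documentation-range ASNs and the log lines are constructed assumptions.

```python
from collections import namedtuple

# Hypothetical event shape; real web/auth logs will use different field names.
Event = namedtuple("Event", "session_id ts city asn user_agent")

# Constructed sample events (not real logs): session "s1" is replayed through
# a proxy in the victim's own city; session "s2" is an ordinary user.
EVENTS = [
    Event("s1", 100, "Berlin", "AS64496", "Chrome/123 Windows"),
    Event("s1", 160, "Berlin", "AS64496", "Chrome/123 Windows"),
    Event("s1", 220, "Berlin", "AS64500", "Chrome/120 Linux"),
    Event("s2", 130, "Madrid", "AS64497", "Firefox/124 macOS"),
    Event("s2", 400, "Madrid", "AS64497", "Firefox/124 macOS"),
]

def geo_only_alerts(events):
    """Flag sessions whose city changes: the check a location-matching proxy defeats."""
    first_city, alerts = {}, set()
    for e in sorted(events, key=lambda e: e.ts):
        if first_city.setdefault(e.session_id, e.city) != e.city:
            alerts.add(e.session_id)
    return sorted(alerts)

def binding_alerts(events):
    """Flag sessions whose ASN or user agent differs from the values
    recorded on the first request seen for that session."""
    baseline, alerts = {}, {}
    for e in sorted(events, key=lambda e: e.ts):
        base = baseline.setdefault(e.session_id, e)
        changed = [f for f in ("asn", "user_agent")
                   if getattr(e, f) != getattr(base, f)]
        if changed:
            alerts.setdefault(e.session_id, set()).update(changed)
    return {sid: sorted(fields) for sid, fields in alerts.items()}

if __name__ == "__main__":
    print("geo-only:", geo_only_alerts(EVENTS))
    print("binding :", binding_alerts(EVENTS))
```

ASN and user-agent changes also happen legitimately (a network switch, a browser update), so a hit is better used as a trigger for re-authentication than as proof of compromise.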