logo

Vidar ABE Bypass Technique Steals Browser Keys

ID: 53801fa7-059c-5412-92ca-8d7e5d1fc999

STIX ID: report--53801fa7-059c-5412-92ca-8d7e5d1fc999

Feed Name: securityonline.info

Threat Score
70/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Do Son

...
...

Gen Digital researchers describe a Vidar infostealer Application-Bound Encryption (ABE) bypass that extracts browser master keys by forking browser processes to create static memory snapshots, scanning for a 32-byte key pattern, and using Asynchronous Procedure Call (APC) injections into the live browser to trigger decryption and then read the key from a second snapshot; the technique enables theft of saved passwords and cookies via malware typically delivered by malicious downloads or phishing. The report highlights behavioral detection opportunities—unauthorized process forking and unusual APC injections targeting browser threads—and recommends monitoring those signals.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.