The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side

A new infostealer named Storm, emerging in early 2026, steals browser credentials, session cookies, crypto wallets, and more by sending encrypted data to attackers' servers for decryption instead of decrypting locally, evading endpoint security detection. Storm automates session hijacking by restoring authenticated sessions remotely, enabling attackers to access SaaS platforms and cloud environments without triggering password alerts, and it is sold via tiered subscriptions on cybercrime forums.

https://www.bleepingcomputer.com/news/security/the-silent-storm-new-infostealer-hijacks-sessions-decrypts-server-side/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top