The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

📅 13 April 2026 at 14:05 UTC📰 Bleeping ComputerView original source ↗

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

The 'Storm' infostealer allows attackers to hijack user sessions, bypassing passwords and MFA by decrypting server-side data, rendering traditional security measures ineffective.

⚙️Technical Details

Affected Systems

Windows

Attack Vectors

Server-side decryption

💥Impact Assessment

Severity: H

Who Is at Risk

Users with active sessions on affected systems

🛡️Recommended Actions

1Regularly review and update browser extensions

2Implement multi-factor authentication for all accounts

3Use a reputable antivirus solution to detect potential threats

📦Affected Products

Varonis

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed