www.malwarebytes.com 6/26/2026, 1:16:06 PM · external

Malicious PDF Email Spreads Chrome Extension to Hijack Sessions


Researchers have discovered malware that hijacks Chrome session cookies and is delivered through an email attachment disguised as a PDF. The malware uses a malicious Chrome extension to collect data and to execute PowerShell commands on the host system, leveraging legitimate browser features. The attack lets attackers take over active accounts without needing passwords, effectively bypassing multi-factor authentication.

Users are advised to avoid opening suspicious email attachments and to regularly check installed Chrome extensions. Key indicators of compromise include specific file names and domains associated with the attack.


Article by CyberSIXT