What is Storm infostealer and how does it work?

Storm's a subscription malware ($900/month) that steals browser data like cookies and creds, exfils encrypted to attacker servers for decryption—bypassing local detection.

Does Storm beat Chrome's App-Bound Encryption?

Yes, by avoiding local decryption entirely; it ships encrypted files server-side, evading EDR tools that watch for on-device tampering.

Can Storm hijack my active sessions?

Absolutely—its panel auto-restores stolen cookies with proxies, granting passwordless access to SaaS, email, crypto accounts.

🦠 Ransomware & Malware

Storm Infostealer: Your Browser Sessions Are Now for Sale, Undetected

Imagine logging into your corporate email, only for a cybercrook halfway across the world to slip in behind you—using your own active session. Storm's doing exactly that, and it's dirt cheap.

CVE Watch Apr 12, 2026 4 min read

Storm infostealer control panel showing hijacked browser sessions and decrypted credentials

⚡ Key Takeaways

Storm decrypts stolen browser data server-side, dodging endpoint detection tools. 𝕏
Automated session hijacking bypasses MFA, enabling passwordless access to SaaS and cloud tools. 𝕏
Sold as cheap SaaS ($900/month), it's fueling account takeovers worldwide with 1,700+ active logs. 𝕏

Published by

CVE Watch

Threat intelligence. Zero noise.

#Storm malware #browser credential theft #credential theft #infostealer #server-side decryption #session hijacking

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Varonis Blog

⚡ Key Takeaways

The 60-Second TL;DR

CVE Watch

Share this article

Worth sharing?

Related Stories

Infostealers Nabbed 2.3 Billion Creds Last Year—Your Breach Alerts Missed Most

Storm Infostealer: Hackers Now Decrypt Your Passwords on Their Servers

LiteLLM's Poisoned PyPI Packages Turned Dev Laptops Into Open Credential Safes

APT28's Router Trap: How Russian Hackers Are Siphoning Your Secrets Through Everyday WiFi Gear

Stay in the loop