[SECURITY]

NEW INFOSTEALER 'STORM' BYPASSES MFA WITH SERVER-SIDE DECRYPTION

INDUSTRY DESK | MON, APR 13, 2026

A new infostealer called Storm steals encrypted browser data and decrypts it on attacker-controlled servers, enabling session hijacking and password bypass. Security researchers at Varonis revealed the technique sidesteps traditional local decryption detection.

Storm represents a shift in infostealer tactics. Rather than decrypting stolen credentials locally, a process that leaves traces, the malware exfiltrates encrypted browser session data directly to attacker infrastructure for decryption. This approach allows attackers to hijack active sessions without needing plaintext passwords, effectively bypassing multi-factor authentication protections. Victims remain logged in while attackers operate under their credentials.

Varonis detailed how Storm targets browser storage containing session tokens and authentication data. The server-side decryption model reduces detection risk, as no decryption keys touch the compromised machine.

The technique underscores evolving infostealer sophistication. Organizations should monitor for unusual session activity, implement endpoint detection tools, and enforce regular session invalidation to limit exposure windows.
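
An added example, not from Varonis or the original article: a small session-log review that applies the monitoring and session-invalidation advice above by flagging session tokens used by more than one client and sessions older than a maximum age. The log format, field names, finding names, the 12-hour limit and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, session_id, user, source_ip, user_agent)
SAMPLE_EVENTS = [
    ("2026-04-13T08:00:00", "s-100", "alice", "198.51.100.10", "Firefox/140 Windows"),
    ("2026-04-13T08:05:00", "s-100", "alice", "198.51.100.10", "Firefox/140 Windows"),
    ("2026-04-13T08:06:00", "s-100", "alice", "203.0.113.77", "Chrome/146 Linux"),
    ("2026-04-13T08:07:00", "s-100", "alice", "198.51.100.10", "Firefox/140 Windows"),
    ("2026-04-13T09:00:00", "s-200", "bob", "192.0.2.5", "Chrome/146 macOS"),
    ("2026-04-14T10:00:00", "s-200", "bob", "192.0.2.5", "Chrome/146 macOS"),
]

MAX_SESSION_AGE = timedelta(hours=12)  # assumed policy value


def review_sessions(events, max_age=MAX_SESSION_AGE):
    """Return {session_id: set of finding names} for sessions worth revoking."""
    state = {}     # session_id -> [first_seen, last_fingerprint, seen_fingerprints]
    findings = {}
    for ts_text, sid, _user, ip, agent in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        fp = (ip, agent)  # coarse client fingerprint
        if sid not in state:
            state[sid] = [ts, fp, {fp}]
            continue
        first_seen, last_fp, seen = state[sid]
        flags = findings.setdefault(sid, set())
        if fp != last_fp:
            # A fingerprint that returns after another client used the token
            # means two clients hold the same session at the same time.
            flags.add("interleaved_clients" if fp in seen else "client_changed")
        if ts - first_seen > max_age:
            flags.add("exceeds_max_age")
        seen.add(fp)
        state[sid][1] = fp
    return {sid: flags for sid, flags in findings.items() if flags}


if __name__ == "__main__":
    for sid, flags in sorted(review_sessions(SAMPLE_EVENTS).items()):
        print(sid, sorted(flags))
```

A single `client_changed` finding can be a roaming user; `interleaved_clients` is the stronger signal because it matches the case where the victim stays logged in while a second client uses the same token.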