Don't be harsh on browser users.

Cybercriminals have developed a new weapon that challenges the effectiveness of traditional security measures. It's an advanced form of password theft that targets Google Chrome, Microsoft Edge, and Mozilla Firefox browsers. Its biggest threat isn't just in getting your passwords, but in its ability to completely bypass two-factor authentication (2FA), which is considered the gold standard for protecting user accounts.

The technique used by the new malware is based on stealing session cookies. Instead of simply stealing a username and password and then being stuck asking for a verification code on your phone, attackers steal the entire active session. This trickes the browser into thinking that the user is already successfully logged in and verified, giving attackers direct access to email, bank accounts, and other sensitive services without the system even requiring additional 2FA verification.

The new threat spreads through sophisticated social engineering methods, often using fake browser update pages or suspicious advertisements. Once installed on a system, the software silently runs in the background, searching for browser databases where cookies and passwords are stored. Users who store their passwords in their browsers for easy access are particularly vulnerable, as this data is top of the list for theft. Attackers then transfer this information to their servers, where they can access your digital identities anytime, anywhere.

Security experts emphasize that classic antivirus programs often do not detect this threat immediately, as the code is constantly changing and adapting. Protection requires a multi-layered approach. First of all, users are advised to update their browsers only through official sources and not to click on suspicious ads. In addition, users are advised to use dedicated password managers that do not store data directly in the browser, and to regularly delete session cookies. In addition, users should not use the same password for different online services.