This New Tool Can Steal Your Passwords And Info – Even With 2FA Enabled

SlashGear, Apr 14, 2026

Why It Matters

Storm demonstrates that traditional 2FA and browser hardening are no longer sufficient, forcing enterprises and users to rethink endpoint security and adopt stronger authentication methods.

Key Takeaways

  • Storm steals encrypted browser data and decrypts it on remote servers.
  • Bypasses two‑factor authentication using harvested session cookies.
  • Operates exclusively on Windows, targeting browsers, crypto wallets, and messaging apps.
  • Sold as a subscription service: $300 demo, $900 monthly, $1,800 enterprise.
  • Data exfiltration continues even if the subscriber’s payment lapses.

Pulse Analysis

Storm’s technical edge lies in stealing encrypted browser files rather than cracking them locally. By routing the stolen SQLite databases to a remote server, the malware sidesteps browser‑based defenses such as App‑Bound Encryption. Once the data reaches the attacker’s infrastructure, it is decrypted in a controlled environment, yielding valid session cookies that can be replayed to bypass two‑factor authentication without triggering a fresh login. This remote‑first approach widens the reach of the attack, leaving even well‑configured Windows workstations exposed to credential theft, crypto wallet hijacking, and real‑time data harvesting.

The malware’s distribution model mirrors legitimate SaaS offerings, positioning Storm as a subscription‑based weapon. A $300 trial grants full access for a week, while a $900 monthly fee unlocks continuous operation, and an $1,800 enterprise tier supports up to 100 operators. This pricing structure lowers the barrier to entry for low‑skill cybercriminals, turning sophisticated credential‑stealing capabilities into a commoditized service. As a result, the threat can scale rapidly, pressuring security teams to monitor not only traditional malware signatures but also the emerging ecosystem of cyber‑crime marketplaces.

Mitigation now requires a layered strategy. Enabling passkeys wherever possible eliminates reliance on OTP‑based 2FA that Storm can circumvent via session cookies. Organizations should enforce strict browser hardening, regularly update Chromium‑based browsers, and deploy endpoint detection that flags anomalous file exfiltration. Continuous monitoring for unfamiliar login locations and unexpected password changes can provide early warning of a breach. Ultimately, the rise of remote‑decryption infostealers like Storm underscores the need for zero‑trust architectures and proactive threat‑intel sharing across the industry.
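One concrete form of the endpoint detection the paragraph calls for, added here as an example and not taken from the article or from any product it mentions: it parses constructed EDR‑style file‑access records and alerts when a process other than a known browser opens a Chromium profile’s credential or session stores. The log format is assumed; the file names (Login Data, Web Data, Cookies, Local State) follow Chromium’s user‑data layout.

```python
import re
from collections import defaultdict

# Chromium stores an infostealer must copy out to decrypt credentials remotely:
# Login Data (passwords), Web Data (autofill), Cookies (sessions) and Local State
# (the browser's wrapped encryption key). Names assumed from Chromium's layout.
SENSITIVE_FILES = re.compile(
    r"\\User Data\\(?:[^\\]+\\)*(?:Login Data|Web Data|Cookies|Local State)$",
    re.IGNORECASE,
)

# Processes expected to open those files; any other reader is suspect.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# Constructed sample records, format: timestamp|operation|process image|target path
SAMPLE_LOG = """\
2026-04-14T10:01:02Z|read|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2026-04-14T10:01:05Z|read|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2026-04-14T10:01:05Z|read|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network\\Cookies
2026-04-14T10:01:06Z|read|C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
2026-04-14T10:02:00Z|read|C:\\Windows\\explorer.exe|C:\\Users\\alice\\Documents\\notes.txt
"""


def parse_line(line):
    """Split one record into its four fields (assumed pipe-delimited format)."""
    ts, op, image, target = line.rstrip("\n").split("|", 3)
    return {"ts": ts, "op": op, "image": image, "target": target}


def find_suspicious(lines):
    """Return (alerts, counts): records where a non-browser process touched a
    Chromium credential store, plus how many such files each process opened."""
    alerts, counts = [], defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if not SENSITIVE_FILES.search(ev["target"]):
            continue  # not a credential/session store
        proc = ev["image"].rsplit("\\", 1)[-1].lower()
        if proc in BROWSER_IMAGES:
            continue  # the browser itself is expected to read its own profile
        counts[ev["image"]] += 1
        alerts.append(ev)
    return alerts, dict(counts)


if __name__ == "__main__":
    found, per_process = find_suspicious(SAMPLE_LOG.splitlines())
    for ev in found:
        print(f"ALERT {ev['ts']} {ev['image']} read {ev['target']}")
    print(per_process)
```

A process that opens several of these stores in quick succession (as update.exe does in the sample) is the pattern worth escalating; the per‑process count makes that visible without a separate correlation rule.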
