GroupUnknown cybercriminal operator(s); attribution unconfirmedTypeInfostealer-as-a-ServiceMalwareStorm; a session-hijacking credential stealer that exfiltrates encrypted browser data to attacker infrastructure for server-side decryption, bypassing Chrome App-Bound Encryption and endpoint detectionScore🟠 8.5 High. Actively deployed against confirmed victims across at least six countries, defeats Google Chrome's App-Bound Encryption, renders MFA