<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Malware-Analysis on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/malware-analysis/</link><description>Recent content in Malware-Analysis on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 20 May 2026 14:26:29 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/malware-analysis/index.xml" rel="self" type="application/rss+xml"/><item><title>VoidStealer Steals Chrome Master Key Using a Debugger Trick</title><link>https://hackingpassion.com/voidstealer-chrome-abe-bypass/</link><pubDate>Wed, 20 May 2026 14:26:29 +0200</pubDate><guid>https://hackingpassion.com/voidstealer-chrome-abe-bypass/</guid><description>&lt;p>Chrome keeps saved passwords locked behind one master key. &lt;strong>VoidStealer&lt;/strong> steals that key using a tool Chrome cannot block. It does not need administrator rights, does not touch the browser&amp;rsquo;s code, and when it is done, saved passwords, open login sessions, and stored payment cards are all readable. The technique had been sitting on GitHub as open-source research for over six months. Nobody had used it in the wild until now.&lt;/p></description></item><item><title>How eScan Antivirus Delivered Malware Instead of Protection</title><link>https://hackingpassion.com/escan-antivirus-breach-2026-technical-analysis/</link><pubDate>Tue, 03 Feb 2026 14:07:00 +0100</pubDate><guid>https://hackingpassion.com/escan-antivirus-breach-2026-technical-analysis/</guid><description>&lt;p>eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour window.&lt;/p>
&lt;p>New findings dropped this week. Researchers confirmed the scope of the damage across South Asia. The vendor is now threatening legal action against the security firm that reported it. Two weeks after the attack, we now have the full picture of what went wrong.&lt;/p>
&lt;p>On January 20, 2026, eScan pushed a software update to customers. Nothing unusual, antivirus products update all the time. Except this update contained malware. It came through the official update channel, carried what looked like a legitimate digital signature, and installed itself with full system privileges. That is exactly how antivirus software is supposed to work, which made it the perfect delivery mechanism.&lt;/p></description></item><item><title>Snap Store Domain Hijacking Lets Attackers Push Malware Through Trusted Linux Apps</title><link>https://hackingpassion.com/snap-store-domain-hijacking/</link><pubDate>Fri, 23 Jan 2026 13:49:36 +0100</pubDate><guid>https://hackingpassion.com/snap-store-domain-hijacking/</guid><description>&lt;p>Attackers found a way to hijack legitimate apps in the Snap Store. 7000 packages. Millions of Linux users. One victim already lost 9 Bitcoin. That was $490,000. 🧐&lt;/p>
&lt;p>The Snap Store is the official app store for Ubuntu and other Linux distributions, run by Canonical. When developers publish apps, they sign up with an email on their own domain. Something like &lt;a href="mailto:dev@mycoolproject.tech" rel="">dev@mycoolproject.tech&lt;/a>. But domains expire. People forget to renew, move on to other things, and that domain goes back on the market for anyone to grab.&lt;/p></description></item></channel></rss>