Cybercriminals recently carried out a ransomware attack using a tactic that targets passwords stored in Google Chrome. This unusual approach could have far-reaching effects, according to cybersecurity firm Sophos.
The attack, discovered in July 2024, began when the hackers gained access to a company’s network using stolen VPN credentials that didn’t have extra security measures like multi-factor authentication (MFA). Once inside, the attackers edited the network’s security settings to run a script that secretly collected users’ Chrome passwords whenever they logged in. This script remained active for over three days, affecting anyone who used their devices during that time.
The attackers then stole the captured passwords and erased any traces of their activity before locking the files and leaving a ransom note in every folder on the system.
Because the stolen passwords were stored in the Chrome browser, affected users must now change their login details for all connected accounts.
"Ransomware groups are constantly evolving their methods," the researchers noted. "If they start targeting stored passwords to break into other systems or gather valuable information, it could signal a troubling new trend in cybercrime."