Credit: The original article is published here.
Storm infostealer hijacks session cookies, bypassing multi-factor authentication, harvesting credentials, and enabling persistent account access across enterprise and cryptocurrency systems globally.
‘Stolen session cookies render MFA irrelevant’: How $900-per-month turnkey malware is putting enterprise-grade account hijacking in the hands of rookie hackers
![[Aggregator] Downloaded image for imported item #115993](https://kcmicro.com/wp-content/uploads/2026/04/PQs2rrur46QMwf8zaU3VXj-1280-80-800x500.jpg "[Aggregator] Downloaded image for imported item #115993")
![[Aggregator] Downloaded image for imported item #117026](https://kcmicro.com/wp-content/uploads/2026/04/security_Iran_GettyImages-2265328878-800x500.jpg "[Aggregator] Downloaded image for imported item #117026")
![[Aggregator] Downloaded image for imported item #116984](https://kcmicro.com/wp-content/uploads/2026/04/04072026_New20Anthropic20Industry20Coalition20Racing20to20Use20Private20Claude20Mythos20Model20To20Secure20Software-800x500.jpg "[Aggregator] Downloaded image for imported item #116984")