This repository has been archived by the owner on Jan 2, 2025. It is now read-only.

Cookie stealing is not working anymore because Google changed their way of encrypting Cookies. #95

Open
Onyz107 opened this issue Oct 26, 2024 · 1 comment

Onyz107 commented Oct 26, 2024

This is a bug that I found in all the stealers available on the market right now. After some debugging, I found out that all the stealers extract the master key and then try to decrypt the cookies using the master key, but that seems to be patched.

When you try to decrypt the cookies using the master key, it now gives you a MAC error (which means that the key for decryption is incorrect).

Seems like Chrome and Chromium-based browsers changed the way they encrypt their cookies.

For Firefox though, Firefox does not encrypt its cookies at all, so they are stored in the database in plaintext, ready to be extracted.

Password stealing is still working though, but Google is planning to add these new changes for password databases and payment databases as well.

Check this and this for more information.

smthpy commented Nov 21, 2024

Yep. So far they've continued to persist in having the change only affect Cookies, as far as I can tell. I still haven't gone around processing whatever data I may grab yet, so I foresee that assumption being incorrect soon.

It WILL need Administrator Privileges in order to decrypt, which will force stealers and attacks to adapt.

Alternatively, they can do the debug method of grabbing all of the cookies, though I'm going to guess that becomes obsolete, and is impractical in session-stealing situations anyway.
