The New Storm Threat Shows Why Passwords Are No Longer the Only Target
A new generation of infostealer malware is targeting not only credentials, but also active sessions, tokens, and browser data, creating additional risk for companies that rely on cloud services and Microsoft 365 environments.
A new infostealer malware variant known as Storm has drawn attention within the cybersecurity community because of the way it collects sensitive data from compromised devices. According to available reports, this malware gathers browser credentials, session cookies, cryptocurrency wallet information, and other valuable data, then sends it to attacker-controlled infrastructure for decryption. Unlike older approaches, part of the processing is performed outside the local device, making this type of attack more dangerous and harder to detect at an early stage.
What makes threats like this especially serious for business environments is that passwords are no longer the only target. Attackers are increasingly focused on stealing active sessions, tokens, and other elements of a user’s digital identity. In practice, this means that account compromise may no longer look like a traditional password theft scenario. Instead, it can provide unauthorized access to business resources even when multi-factor authentication is enabled. Sophos has previously highlighted that stolen session cookies are increasingly being used to bypass MFA protections and gain access to corporate environments.
For organizations that rely on cloud services, email platforms, and Microsoft 365 environments, this represents a significant security challenge. A single compromised account can create opportunities for identity misuse, unauthorized access to business communications, mailbox rule manipulation, data exposure, and further lateral movement within the organization. This is why prevention alone is no longer enough. Companies also need the ability to detect suspicious activity quickly and respond before the incident escalates.
This is where Sophos MDR plays an important role. When a threat is detected in a Microsoft 365 environment, the Sophos MDR team can take concrete response actions to contain the incident, including blocking user sign-ins, terminating active sessions, and disabling suspicious inbox rules. This gives organizations not only visibility into the threat, but also practical support in responding quickly and reducing the potential impact of an attack.
Modern threats such as Storm clearly show that security can no longer be viewed only through the lens of antivirus protection or password policies. Today, organizations need to protect identities, sessions, cloud application access, and the broader digital environment in which they operate.
If you would like to assess how prepared your organization is for modern identity-based attacks and how to strengthen the protection of business accounts and Microsoft 365 environments, the Smart team can help you choose and implement the right Sophos solution.