How to Protect Google Chrome From Rust Malware Like EDDIESTEALER


Rust is among the system programming languages used in Google Chrome’s backend. Recently, a Rust-based malware called EDDIESTEALER began attacking Chrome users through fake CAPTCHA verification pages. This isn’t the first time, as similar incidents have been reported before. Below are solutions to protect your Google Chrome browser from Rust malware threats.

Rust Malware in Chrome: Why It’s So Effective

Rust-based malware is highly effective in Google Chrome because it hides its code using social engineering while bypassing Chrome’s App-Bound Encryption, introduced in version 127. Such malware uses string and API obfuscation, self-deletion, and multi-stage payloads to sneak into web browsers. Chrome’s widespread use and user trust make it the biggest target.

EDDIESTEALER is a recent Rust-based infostealer analyzed by Elastic Security Labs on May 30, 2025. It targets Chrome users through fake CAPTCHA prompts on compromised websites, tricking Windows users into pasting a malicious PowerShell command in Run. This downloads an obfuscated JavaScript payload (“gverify.js”) to your PC’s Downloads folder.

Leveraging Rust’s stealth capabilities, the malware evades Chrome’s sandbox (similar to CVE-2025-2783) and deletes itself. Its payload steals data from cryptocurrency wallets like Bitcoin and WasabiWallet, password managers like Bitwarden and KeePass, and apps like Telegram Desktop.

EDDIESTEALER follows the pattern of previous Rust malware that has targeted Chrome, such as “Fickle Stealer,” which emerged in mid-2024, and “StealC,” noted in early 2023. All three have used social engineering (fake CAPTCHAs, phishing, and malicious ads, respectively) to initiate multi-stage attacks.

Use Chrome’s Enhanced Protection Mode

In Chrome, click the three-dot menu at the top right, then go to Settings -> Privacy and security -> Security -> Enable Enhanced protection.

Enabling Chrome's "Enhanced protection" mode for best protection against dangerous sites.

The Enhanced protection mode uses machine learning and AI to detect threats in real time. While Rust malware threats are user initiated, the enhanced mode is more effective at identifying fake CAPTCHAs and unverified sites, and issuing “insecure download blocked” warnings. Additionally, avoid visiting webpages that Chrome flags as Not Secure for extra peace of mind.

Disable JavaScript for Sites You Don’t Trust (Optional)

This setting is optional for Chrome users who visit only a few websites or have separate Chrome profiles earmarked to block JavaScript entirely.

Go to Settings -> Privacy and security -> Site Settings -> Content -> JavaScript -> Choose Don’t allow JavaScript. You can later add multiple trusted sites to exceptions below this setting by clicking Add next to Allowed to use JavaScript.

"Don't allow sites to use JavaScript" under Chrome's JavaScript settings.

All Rust-based malware examples we have seen so far have used JavaScript to advance the payload in your Chrome browser. The minimal JavaScript setting above is an easy way to halt it entirely. It may not be convenient to keep whitelisting websites for JavaScript, but many modern websites, such as DuckDuckGo, offer JavaScript-free versions.


Prevent Sites From Automatically Downloading Multiple Files

If you want to avoid whitelisting JavaScript, you can instead restrict uncontrolled downloads.

First, go to Settings -> Downloads -> Enable Ask where to save each file.

After that, go to Settings -> Privacy and security -> Site Settings -> Additional permissions -> Automatic downloads -> Select Don’t allow sites to automatically download multiple files.

No automatic downloads setting in Google Chrome browser.

The above setting prevents malicious JavaScript payloads, such as “gverify.js” in EDDIESTEALER, from downloading in the background without your knowledge.
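To confirm that the Enhanced protection, JavaScript, and download settings described above are actually in effect for a profile, the following added example (not part of the original article) audits the JSON Preferences file stored in that Chrome profile's folder. The pref key names are an assumption based on Chrome's internal naming, the sample data is constructed, and settings enforced through enterprise policy are not covered.

```python
import json
import sys

# Constructed sample of a Chrome profile "Preferences" file, trimmed to the keys read
# below. Key names are Chrome-internal (assumption: undocumented, may change).
SAMPLE = json.dumps({
    "safebrowsing": {"enabled": True, "enhanced": False},
    "download": {"prompt_for_download": True},
    "profile": {
        "default_content_setting_values": {"javascript": 2},
        "content_settings": {"exceptions": {"javascript": {
            "https://duckduckgo.com:443,*": {"setting": 1},
        }}},
    },
})

ALLOW, BLOCK = 1, 2  # values Chrome stores for a content setting

def lookup(node, dotted, default=None):
    """Follow a dotted path through nested dicts; a missing hop returns default."""
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit_preferences(text):
    """Return (checks, js_allowlist); a missing key counts as Chrome's default."""
    prefs = json.loads(text)
    defaults = "profile.default_content_setting_values."
    checks = {
        "enhanced_protection": lookup(prefs, "safebrowsing.enhanced") is True,
        "javascript_blocked": lookup(prefs, defaults + "javascript") == BLOCK,
        "ask_where_to_save": lookup(prefs, "download.prompt_for_download") is True,
        "auto_downloads_blocked": lookup(prefs, defaults + "automatic_downloads") == BLOCK,
    }
    rules = lookup(prefs, "profile.content_settings.exceptions.javascript", {})
    allowlist = sorted(p for p, r in rules.items()
                       if isinstance(r, dict) and r.get("setting") == ALLOW)
    return checks, allowlist

if __name__ == "__main__":
    # Pass the path to a Preferences file; with no argument the sample is audited.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    checks, allowlist = audit_preferences(text)
    for name, ok in checks.items():
        print(f"{'OK  ' if ok else 'WEAK'} {name}")
    print("JavaScript allowed for:", allowlist or "no sites")
```

The allowlist output is worth reviewing on its own: every site listed there can still run JavaScript even when the default is set to block.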

Prevent Rust Malware With Strict Site Isolation

In the Chrome address bar, type chrome://flags and hit Enter. Find the flag called Disable site isolation and ensure it is kept at Default.

Strict site isolation enabled in Google Chrome Flags as "Default."

The above setting isolates web processes to limit memory-based exploits by all web-based malware, including Rust malware. You can also achieve this isolation through other methods such as Chrome Properties in Windows.

Download Extensions Only from Chrome Web Store

Chrome supports third-party extensions, but downloading them from the Chrome Web Store helps protect against malware that uses hidden APIs to launch attacks. EDDIESTEALER employed this tactic, leveraging Rust’s stealthy programming to bypass Chrome’s sandbox detection and other red flags.

For added security against Chrome-based malware, Google has begun phasing out SMS-based two-factor authentication. Instead, it offers more secure alternatives like passkeys and authenticator apps, which should be enabled as soon as possible.
