The ChromePass tool is a legitimate, publicly available service that is created to aid users in recovering their passwords from Chromium-based Web browsers, like Google Chrome. However, evil actors spotted the golden opportunity and weaponized the ChromePass tool quickly.
The ChromePass tool is used both by low-level crooks and high-tier APTs (Advanced Persistent Threats) like the Cycldek hacking group. The Cycldek APT is known to have launched attacks against various government bodies and influential politicians with the help of the ChromePass tool. Most of the ChromePass attacks carried out by the Cycldek hacking group have been concentrated in the South East Asian region. The ChromePass utility aggregates the collected data in an HTML file on the infected system. Since the ChromePass tool alone is not able to siphon the collected data to remote servers, malware experts believe that cyber crooks are using additional threats to exfiltrate the information to their C&C (Command & Control) servers.
Make sure your computer is protected by a genuine, up-to-date anti-malware solution that will not allow tools like the ChromePass to obtain any of your data.