Security Firm Warns Of RedLine Malware Plucking Passwords Saved In Your Browser
Do you let your browser store logins for websites like Twitter, Facebook, or HotHardware? Well, you probably shouldn't. Not only does it let anyone who gets on your PC access your personal information, but it also opens you up to easy attacks from "info-stealer" malware.
South Korean cyber-security firm AhnLab just put out a report warning of exactly such a piece of malware, known as "RedLine Stealer." It's exactly what it sounds like: you get infected by software that steals personal data, particularly targeting credentials and login data. The software was developed in Russia, and it's sold for $150-$200 on cyber-crime forums.
RedLine Stealer actually showed up in the middle of last year, but it's been gaining in popularity rapidly over the last few months because it's easy to deploy and highly effective. As an example, AhnLab presents the case of a customer that had his VPN account credentials stolen by RedLine. The system had an installed security package, but it did not detect the malware. Those same credentials were used to break into his company's network some three months later.
Interestingly, even if you decline to save your password data, Chromium-based browsers will still record the site in the "Login Data" database. The purpose of this is apparently to blacklist the site so the browser won't offer to store its login data again, but while that prevents RedLine Stealer from getting your password, it still tells the malware operator that you have an account on that site. From there, they could use social engineering (like phishing) or credential stuffing to attack the account.
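To make that "Login Data" behaviour concrete, here is an added example (not from AhnLab's report or this article) that builds a constructed, cut-down copy of Chromium's logins table in Python and reports what a copy of the file discloses, without decrypting anything. The column names origin_url, username_value, password_value and blacklisted_by_user are assumed from the Chromium schema, and the sample rows are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path

# Assumed subset of Chromium's "Login Data" schema: the real 'logins' table
# has many more columns, but these four are enough to show the point.
SCHEMA = """
CREATE TABLE logins (
    origin_url          TEXT NOT NULL,
    username_value      TEXT,
    password_value      BLOB,
    blacklisted_by_user INTEGER NOT NULL DEFAULT 0
);
"""

def build_sample_login_data(path: Path) -> None:
    """Create a constructed sample database mimicking the two cases in the article."""
    con = sqlite3.connect(path)
    con.executescript(SCHEMA)
    con.executemany(
        "INSERT INTO logins VALUES (?, ?, ?, ?)",
        [
            # User clicked "Save": username plus an (opaque, encrypted) password blob.
            ("https://social.example/login", "alice", b"\x01\x02encrypted-blob", 0),
            # User clicked "Never": no password stored, but the site is still recorded.
            ("https://bank.example/signin", "", b"", 1),
        ],
    )
    con.commit()
    con.close()

def audit_login_data(path: Path) -> dict:
    """Report what anyone who copies this file learns, with no decryption at all."""
    con = sqlite3.connect(path)
    rows = con.execute(
        "SELECT origin_url, length(password_value), blacklisted_by_user FROM logins"
    ).fetchall()
    con.close()
    saved = [url for url, plen, blacklisted in rows if not blacklisted and plen]
    declined = [url for url, _, blacklisted in rows if blacklisted]
    return {"saved_credentials": saved, "account_disclosed_only": declined}

def demo() -> dict:
    """Build the constructed database in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        db = Path(d) / "login_data.db"
        build_sample_login_data(db)
        return audit_login_data(db)

if __name__ == "__main__":
    for category, sites in demo().items():
        print(category, sites)
```

The "Never" entry carries no password, yet it still names the site, which is exactly the account disclosure the article describes; reviewing and clearing that list in the browser's saved-password settings limits what a stolen copy of the file reveals.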
It's probably not news to regular HotHardware readers, but the safest thing to do with your passwords is to stick them in a dedicated password manager like 1Password. That way your credentials get a second layer of security with your master password. You should also make sure you have two-factor authentication enabled everywhere you can.