- Feb 1, 2013
- 970
Linus Tech Tips & Techquickie is Breached
- Thread starter marksti64
- Start date
- Feb 7, 2023
- 2,349
Eset has exlained it:
ESET Smart Security Premium and ESET Internet Security contain a built-in list of predefined websites that will trigger a secure browser to open. You can add a website or edit the list of websites in the product configuration.
They don’t mention managing access to credentials anywhere. They just open certain websites in secure environment. If you always bank via this feature, cookies may be protected. But criminals will be mainly interested in opening your email. From there, they will gain access to everything else. They will also exfiltrate saved passwords in various managers.
- Feb 1, 2013
- 970
- Feb 7, 2023
- 2,349
It only gets triggered when you open a banking website (as per Eset website). And even if it was triggered on all sites, Eset doesn’t prevent programs from accessing your browsers repository. You should be able to create a HIPS rule that will do that but banking protection is a gimmick and won’t help you against these attacks. Attackers will copy the whole browser repository and Eset will just be sitting there.
You see those switches that say “Enhanced Memory Protection, Keyboard protection”.
The cookies are neither in memory, nor is is the user typing them. They are in this folder:
%APPDATA%/Google/Chrome.
- Feb 1, 2013
- 970
I know how this works, I just didn't study the malware's behaviour. Even priviledge escalation is not necessary I think.. thanks!
- Feb 7, 2023
- 2,349
It is very common behaviour to copy the browser repositories and even cheap RATs like njRAT which is widely available cracked would do the job. UAC doesn’t work against njRAT and it would copy information from ALL user accounts even if you set the folder only accessible by a specific user.
- Feb 1, 2013
- 970
I wonder if cr
.
At last, caution and malware definitions is the way to go i guess.
Despite Edge uses Credential Manager sth not being used by other browsers, all browsers repos login data can bring hackers the actual credentials
.
At last, caution and malware definitions is the way to go i guess.
- Feb 7, 2023
- 2,349
More recent stealers target some third party managers as well. So yeah, caution and AV identification is the way to go definitely.
lol, Linus Techtips has had revenue of 5+ million euros per year for a while.
Linus himself has been a multi-millionaire for at least the past 10 years off his channel.
Linus himself has been a multi-millionaire for at least the past 10 years off his channel.
- Apr 5, 2021
- 620
In these forums and others, it's funny how at least someone mentions the numerous vulnerabilities and LOLBins in Linux compared to Windows, yet if you stick to recommended repositories and keep it updated, Linux is a completely worry-free OS. I run Linux with kernel based Apparmor-enforced browsers (most likely way overkill), UFW with default-deny out/In, and apply all updates in a timely manner, which btw install significantly faster than the snail pace of Windows updates, and there is nothing to worry about. Security in Linux is actually boring because little is needed to keep it secure. With no more than 2% user base, no one cares to go after it. Yes, "security thorough obscurity" really is a thing
- Jan 27, 2018
- 1,410
I can say the same about Windows though, worry free, boring and secure. I have a 11 year old desktop that runs W10, boots in 15 seconds, loads web pages instantly and runs every program I need. Windows updates never give me any issues and I have no issues with security, whether I'm running FSecure, Microsoft Defender , Voodoo Shield, Malwarebytes, Configure Defender or Simple Windows Hardening its basically all quite on the western front, no issues, no infections, no nothing. Plus with Windows I actually have options for any programs I want to install.
- Feb 1, 2013
- 970
I wonder if it’s that easy to steal and decrypt credentials data in Linux too.
- Feb 7, 2023
- 2,349
There are some stealers.
New stealthy OrBit malware steals data from Linux devices
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine.
www.bleepingcomputer.com
- Feb 1, 2013
- 970
it's interesting though, that when having saved passwords in Windows 11 browsers, and tried using browserpassview utility by Nirsoft, I noticed the following:There are some stealers.
New stealthy OrBit malware steals data from Linux devices
A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine.www.bleepingcomputer.com
Edge: (custom primary password or device password or no password) & (sync on or off): the utility managed to decrypt my password
Firefox: no sync & (master password or no master password): the utility managed to decrypt my passwordFirefox: sync on & (no master password: the utility managed to decrypt my logins
Firefox: sync on & master password): the utility did not manage to decrypt my logins
Chrome: sync on (there is no master password option) The utility managed to decrypt my logins
Nirsoft tool is a specific simplistic tool, for legit usage, so no serious assumption can be made granted that the behaviour could be just a bug (I dont know what exactly firefox master password protects), but this behaviour maybe is a indication of Firefox with sync & master password is more secure than Edge with same settings.
Last edited:
- Aug 17, 2017
- 1,609
Similar threads
