RedLine malware shows why passwords shouldn't be saved in browsers

Gandalf_The_Grey

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.

This malware is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.

However, a new report by AhnLab ASEC warns that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem affecting both organizations and individuals.

In an example presented by the analysts, a remote employee lost VPN account credentials to RedLine Stealer actors who used the information to hack the company's network three months later.

Even though the infected computer had an anti-malware solution installed, it failed to detect and remove RedLine Stealer.

What to do instead

Using your web browser to store your login credentials is tempting and convenient, but doing so is risky even without malware infections.

By doing so, a local or remote actor with access to your machine could steal all your passwords in a matter of minutes.

Instead, it would be best to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.

Moreover, you should configure specific rules for sensitive websites such as e-banking portals or corporate asset webpages, requiring manual credential input.

Finally, activate multi-factor authentication wherever this is available, as this additional step can save you from account take-over incidents even if your credentials have been compromised.
 

Gandalf_The_Grey

So Firefox with disabled "auto fill passwords" while using a master password is ok? (They only mention Chromium-based browsers)
Joke aside, for important websites I would still use a password manager :D
From the report of AhnLab ASEC:
Main Features: Collecting Information
Description:
– Collecting and stealing information saved to browsers
– Login account and password
– Cookies
– Autofill
– Credit card information
– Browsers targeted for attack
  – All Chromium-based browsers
  – All Gecko-based browsers
– Cryptocurrency wallet information
– Seed file saved to the system
Internet Explorer is safe :D
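
Added example, not part of the thread or the AhnLab report: the browser-stored items in the list above (saved logins, autofill, card data) can be switched off machine-wide through the vendors' documented policy registry keys for Chrome, Edge and Firefox. The script audits by default and writes the values only with -Apply; the choice of which policies to include is an assumption of this example.

```powershell
# Audit (default) or enforce (-Apply) policies that stop browsers from storing
# passwords, autofill entries and card data. -Apply needs an elevated prompt.
# The policy selection below is this example's assumption, not from the report.
param([switch]$Apply)

# Chromium-based browsers share the same policy names under per-vendor keys.
$chromium = @{
    PasswordManagerEnabled    = 0
    AutofillCreditCardEnabled = 0
    AutofillAddressEnabled    = 0
}
$targets = [ordered]@{
    'HKLM:\SOFTWARE\Policies\Google\Chrome'   = $chromium
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge'  = $chromium
    # Gecko-based: Firefox uses its own policy names.
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' = @{
        PasswordManagerEnabled = 0
        OfferToSaveLogins      = 0
    }
}

$report = foreach ($key in $targets.Keys) {
    foreach ($name in $targets[$key].Keys) {
        $want = $targets[$key][$name]
        if ($Apply) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value $want `
                -PropertyType DWord -Force | Out-Null
        }
        # Missing key or value yields $null, reported as 'not set'.
        $have = (Get-ItemProperty -Path $key -Name $name `
                 -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            PolicyKey = $key
            Setting   = $name
            Current   = if ($null -eq $have) { 'not set' } else { $have }
            Compliant = ($have -eq $want)
        }
    }
}

$report | Format-Table -AutoSize
# Non-zero exit lets a management tool flag machines that are out of policy.
if ($report.Compliant -contains $false) { exit 1 }
```

These policies stop new entries from being saved; credentials already stored in a profile stay there until they are deleted, and cookies are not covered at all.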
 

show-Zi

I think it's safer to feel a little inconvenient about managing passwords. I think that if you seek too much comfort and convenience, it will lead to a decrease in safety.
Browsers are always vulnerable. Saving a password is like revealing your secret to a gossip-loving acquaintance.
 

oldschool

Use of password manager vs browser built-in is debatable. Here's an alternate view:
Password Managers.

Edge has these settings:

[Screenshot: 1640828238924.png]
If Edge users don't use "With device password" then it will autofill on page load.

Edge users need to enable this flag
Code:
Fill passwords on account selection
to disallow password autofilling on page load.

Brave has the setting option to turn Off auto sign-in.
 

Azure

You can also use a password manager without requiring a browser add-on / extension
 

South Park

oldschool said: "Use of password manager vs browser built-in is debatable. Here's an alternate view: Password Managers."

I agree with Tavis O that "security" extensions tend to weaken browser security, but KeePass portable 2.x works fine for me on Windows 10 in all major browsers without any extensions. (He also wrote that before RedLine became prevalent.) Firefox Lockwise might be safer than the Chrome-based password managers if one uses a master password instead of decrypting with the Windows password at sign-in, but it's still limited compared to KeePass (for example, it can only export passwords as plain text).
 

Correlate

The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware.

RedLine is currently the most widely used information-stealing malware
 

Gandalf_The_Grey

Unfortunately, if your email address is listed in the RedLine malware logs, it's not enough to just change the passwords associated with that email account.

As RedLine targets all of your data, you must change your password for all accounts used on the machine, including corporate VPN and email accounts, and other personal accounts.

Furthermore, as RedLine attempts to steal cryptocurrency wallets, you should immediately transfer the tokens to another wallet if you own any.

Finally, if your email is listed as part of the RedLine records, you should scan your computer using antivirus software to detect and remove any installed malware.