RedLine malware shows why passwords shouldn't be saved in browsers

Gandalf_The_Grey

The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.

This malware is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.

However, a new report by AhnLab ASEC warns that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem affecting both organizations and individuals.

In an example presented by the analysts, a remote employee lost VPN account credentials to RedLine Stealer actors who used the information to hack the company's network three months later.

Even though the infected computer had an anti-malware solution installed, it failed to detect and remove RedLine Stealer.

What to do instead

Using your web browser to store your login credentials is tempting and convenient, but doing so is risky even without malware infections.

By doing so, a local or remote actor with access to your machine could steal all your passwords in a matter of minutes.

Instead, it would be best to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.

Moreover, you should configure specific rules for sensitive websites such as e-banking portals or corporate asset webpages, requiring manual credential input.

Finally, activate multi-factor authentication wherever this is available, as this additional step can save you from account take-over incidents even if your credentials have been compromised.

Gandalf_The_Grey

So Firefox with disabled "auto fill passwords" while using a master password is ok? (They only mention Chromium based browsers)
Joke aside for important websites I would still use a password manager :D
From the report of AhnLab ASEC:
Main Features: Collecting Information
Description:
– Collecting and stealing information saved to browsers
  – Login account and password
  – Cookies
  – Autofill
  – Credit card information
– Browsers targeted for attack
  – All Chromium-based browsers
  – All Gecko-based browsers
– Cryptocurrency wallet information
– Seed file saved to the system
Internet Explorer is safe :D

show-Zi

I think it's safer to feel a little inconvenient about managing passwords. I think that if you seek too much comfort and convenience, it will lead to a decrease in safety.
Browsers are always vulnerable. Saving a password is like revealing your secret to a gossip-loving acquaintance.

South Park

To that end I have wilted under the pressure and installed and set up my logins in Keepass ...:p Seriously, I will likely use it instead of the browser for pw storage.
An advantage is being able to store all passwords in one place, instead of strewn across various browsers. KP also has great password-creation tools and many other features.

wat0114

An advantage is being able to store all passwords in one place, instead of strewn across various browsers. KP also has great password-creation tools and many other features.

All my passwords are entered into KP. It does feel better having them with me only and not in the cloud (Lastpass), and the browser.

oldschool

Use of password manager vs browser built-in is debatable. Here's an alternate view:
Password Managers.

Edge has these settings:

[screenshot: Edge password settings]
If Edge users don't use "With device password" then it will autofill on page load.

Edge users need to enable this flag
Code:
Fill passwords on account selection
to disallow password autofilling on page load.

Brave has the setting option to turn Off auto sign-in.
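A defender-side follow-up to the per-browser settings listed above, as an added example that is not from this thread or from any browser vendor: a PowerShell script that audits, and on request enforces, the documented Edge, Chrome and Firefox enterprise policies that turn off the built-in password manager and card autofill on a Windows machine, so the browser holds nothing for a stealer like RedLine to read. The policy names and registry paths are the browsers' documented ones; the two function names are my own, and writing to HKLM needs an elevated shell.

```powershell
# Added example (not from the thread): audit/enforce "no passwords in the browser"
# through the browsers' own policy registry keys. Policy names are the documented
# Chromium (Edge, Chrome) and Firefox ones; the function names below are assumed.
$Policies = @(
    @{ Browser = 'Edge';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge';  Name = 'PasswordManagerEnabled';    Value = 0 },
    @{ Browser = 'Edge';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge';  Name = 'AutofillCreditCardEnabled'; Value = 0 },
    @{ Browser = 'Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome';   Name = 'PasswordManagerEnabled';    Value = 0 },
    @{ Browser = 'Chrome';  Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome';   Name = 'AutofillCreditCardEnabled'; Value = 0 },
    @{ Browser = 'Firefox'; Path = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'; Name = 'PasswordManagerEnabled';    Value = 0 }
)

# Report each policy: a missing value means the browser is at its default,
# i.e. it offers to save and autofill credentials.
function Get-BrowserCredentialPolicyState {
    foreach ($p in $Policies) {
        $current = $null
        if (Test-Path $p.Path) {
            $current = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        }
        [pscustomobject]@{
            Browser   = $p.Browser
            Policy    = $p.Name
            Current   = if ($null -eq $current) { 'not set (browser default: saves passwords)' } else { $current }
            Compliant = ($current -eq $p.Value)
        }
    }
}

# Write the hardened value for every policy (requires an administrator shell).
# The browser picks the policy up on next start; Edge and Chrome also show it
# under edge://policy and chrome://policy.
function Set-BrowserCredentialPolicy {
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
        New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType DWord -Value $p.Value -Force | Out-Null
    }
}

# Audit first; call Set-BrowserCredentialPolicy once the report shows what would change.
Get-BrowserCredentialPolicyState | Format-Table -AutoSize
```

Disabling the built-in manager does not remove credentials a browser already saved; those still have to be cleared from each profile after the policy is in place.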

Azure

Use of password manager vs browser built-in is debatable. Here's an alternate view:
Password Managers.

Edge has these settings:

[screenshot: Edge password settings]
If Edge users don't use "With device password" then it will autofill on page load.

Edge users need to enable this flag
Code:
Fill passwords on account selection
to disallow password autofilling on page load.

Brave has the setting option to turn Off auto sign-in.
You can also use a password manager without requiring a browser add-on / extension

South Park

Use of password manager vs browser built-in is debatable. Here's an alternate view:
Password Managers.

I agree with Tavis O that "security" extensions tend to weaken browser security, but KeePass portable 2.x works fine for me on Windows 10 in all major browsers without any extensions. (He also wrote that before RedLine became prevalent.) Firefox Lockwise might be safer than the Chrome-based password managers if one uses a master password instead of decrypting with the Windows password at sign-in, but it's still limited compared to KeePass (for example, it can only export passwords as plain text).

[correlate]

The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware.

RedLine is currently the most widely used information-stealing malware

Gandalf_The_Grey

Unfortunately, if your email address is listed in the RedLine malware logs, it's not enough to just change the passwords associated with that email account.

As RedLine targets all of your data, you must change your password for all accounts used on the machine, including corporate VPN and email accounts, and other personal accounts.

Furthermore, as RedLine attempts to steal cryptocurrency wallets, you should immediately transfer the tokens to another wallet if you own any.

Finally, if your email is listed as part of the RedLine records, you should scan your computer using antivirus software to detect and remove any installed malware.