Gandalf_The_Grey
Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 6,600
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.
This malware is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.
However, a new report by AhnLab ASEC warns that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem affecting both organizations and individuals.
In an example presented by the analysts, a remote employee lost VPN account credentials to RedLine Stealer actors who used the information to hack the company's network three months later.
Even though the infected computer had an anti-malware solution installed, it failed to detect and remove RedLine Stealer.
What to do instead
Using your web browser to store your login credentials is tempting and convenient, but doing so is risky even without malware infections.
By doing so, a local or remote actor with access to your machine could steal all your passwords in a matter of minutes.
Instead, it would be best to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.
Moreover, you should configure specific rules for sensitive websites such as e-banking portals or corporate asset webpages, requiring manual credential input.
Finally, activate multi-factor authentication wherever this is available, as this additional step can save you from account take-over incidents even if your credentials have been compromised.