Privacy Tip #315 – Redline Malware Used to Steal Saved Credentials
Passwords are so difficult to remember. We all know we shouldn’t use the same or similar passwords across platforms. Stolen password credentials are dumped on the dark web and criminals use the stolen passwords to steal other data from victims, including frequent flyer miles, online banking credentials, cryptocurrency and other digital assets, and to get into employers’ systems. But passwords are so hard to remember….so we may be tempted when our chrome browser pop-up asks us if we want to save them.
A relatively new malware, dubbed Redline Stealer, gives us another reason why we shouldn’t be saving those passwords on our chrome (or other) browser. According to AhnLab ASEC, “Redline Stealer is an infostealer that collects account credentials saved to web browsers, which first appeared on the Russian dark web in March 2020.
In the case that Ahn Lab researched, the user had saved credentials to the company VPN through the browser on the laptop. The user, who was working from home, allowed everyone in the household to use the company laptop. It was infected with the malware through lax security measures, which allowed the threat actor access to the saved credentials to the company VPN and the attacker was able to infiltrate the company’s system through the compromised credentials.
According to Ahn Lab, “Although the account credentials storing feature of browsers is very convenient, as there is a risk of leakage of account credentials upon malware infection, users are recommended to refrain from using it and only use programs from clear sources.”
Resist the temptation to save credentials through your browser so you don’t give a threat actor easy access to your information and system or that of your employer.