May 26, 2022

Volume XII, Number 146

Advertisement
Advertisement

May 25, 2022

Subscribe to Latest Legal News and Analysis

May 24, 2022

Subscribe to Latest Legal News and Analysis

May 23, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Privacy Tip #315 – Redline Malware Used to Steal Saved Credentials

Passwords are so difficult to remember. We all know we shouldn’t use the same or similar passwords across platforms. Stolen password credentials are dumped on the dark web and criminals use the stolen passwords to steal other data from victims, including frequent flyer miles, online banking credentials, cryptocurrency and other digital assets, and to get into employers’ systems. But passwords are so hard to remember….so we may be tempted when our chrome browser pop-up asks us if we want to save them.

A relatively new malware, dubbed Redline Stealer, gives us another reason why we shouldn’t be saving those passwords on our chrome (or other) browser. According to AhnLab ASEC, “Redline Stealer is an infostealer that collects account credentials saved to web browsers, which first appeared on the Russian dark web in March 2020.

In the case that Ahn Lab researched, the user had saved credentials to the company VPN through the browser on the laptop. The user, who was working from home, allowed everyone in the household to use the company laptop. It was infected with the malware through lax security measures, which allowed the threat actor access to the saved credentials to the company VPN and the attacker was able to infiltrate the company’s system through the compromised credentials.

According to Ahn Lab, “Although the account credentials storing feature of browsers is very convenient, as there is a risk of leakage of account credentials upon malware infection, users are recommended to refrain from using it and only use programs from clear sources.”

Resist the temptation to save credentials through your browser so you don’t give a threat actor easy access to your information and system or that of your employer.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 20
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement