Today’s browsers offer an auto-login feature that saves passwords for frequently used online services. Saving passwords in the browser is convenient, but it carries real risk. A new analysis details an info-stealing malware dubbed Redline that targets web browsers such as Opera, Chrome, and Edge to harvest stored login credentials. According to a report from AhnLab ASEC, the Redline malware campaign targets users who enable the auto-login feature in their browsers. The analysts stated that Redline, also called Redline Stealer, compromised a company’s VPN account by infecting a remote employee’s device on which the VPN password had been saved in the browser. Threat actors reportedly used the leaked VPN account to break into the company’s internal network three months later.
“The targeted employee used the password management feature provided by the web browser to save and use the account and password for the VPN site on the web browser. While doing so, the PC was infected with malware targeting account credentials, leaking accounts and passwords of various sites, which also included the VPN account of the company,” the analysts said.
Active since 2020, Redline Stealer first appeared on a Russian darknet forum. The malware is peddled on the dark web for $150-$200, putting it within reach of low-skilled bad actors. In addition to the malware itself, credentials harvested by Redline are sold on the dark web.
The main features of Redline malware include:
Recently, security expert Bob Diachenko revealed that Redline Stealer logs containing more than 6 million records had been exposed online. The analysis found that the Redline malware campaign is a key source of the stolen sensitive information traded on various cybercriminal and dark web forums.
Redline Stealer malware logs with more than 6M records were exposed online, publicly (now taken down). Internationally sourced data, exfiltrated in Sept and Aug 2021. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020. pic.twitter.com/kv9MNL8hAE
— Bob Diachenko (@MayhemDayOne) December 25, 2021
Compromised credentials pose a severe security threat to both organizations and users. Recently, the data breach search website Have I Been Pwned? reportedly added 441,657 unique email addresses stolen by RedLine malware operators. Data breach victims use the Have I Been Pwned? platform to check whether their email address or phone number has been exposed in a security breach. Users who find their email address exposed are required to update the passwords for all online accounts used on the affected device, including corporate VPNs, email accounts, and other personal accounts.
Firefox
If you do not use Firefox as your default browser, you will find similar settings in other browsers. Look in the Privacy & Security section under Settings or Advanced Settings.
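Rather than relying on each employee to find that setting, an administrator can enforce it centrally. The following is an added example, not from the article or from AhnLab: it sets the documented PasswordManagerEnabled policy for Chrome, Edge and Firefox (plus Firefox's OfferToSaveLogins) through the Windows policy registry keys, then reads the values back. It assumes a Windows host with administrator rights; Opera is not covered because it has no equivalent managed policy in this example.

```powershell
# Added example (not from the article): disable browser password saving by policy
# for Firefox, Chrome and Edge, then verify that every value was applied.
# Run in an elevated PowerShell session on the managed Windows host.

$policies = @{
    'HKLM:\SOFTWARE\Policies\Google\Chrome'   = @{ PasswordManagerEnabled = 0 }
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge'  = @{ PasswordManagerEnabled = 0 }
    'HKLM:\SOFTWARE\Policies\Mozilla\Firefox' = @{ PasswordManagerEnabled = 0; OfferToSaveLogins = 0 }
}

# Create each policy key if missing and write the DWORD values (0 = disabled).
foreach ($path in $policies.Keys) {
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    foreach ($name in $policies[$path].Keys) {
        New-ItemProperty -Path $path -Name $name -PropertyType DWord `
            -Value $policies[$path][$name] -Force | Out-Null
    }
}

# Verification pass: report any policy value that did not take effect.
$failed = @()
foreach ($path in $policies.Keys) {
    foreach ($name in $policies[$path].Keys) {
        $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        if ($actual -ne $policies[$path][$name]) { $failed += "$path\$name" }
    }
}

if ($failed) {
    Write-Warning ("Policies not applied: " + ($failed -join ', '))
} else {
    Write-Host 'Browser password saving is disabled by policy for Chrome, Edge and Firefox.'
}
```

The policy stops new passwords from being saved and hides the built-in manager; it does not clear credentials already stored on the device, which still need to be rotated as described above.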
The post Redline Malware Campaign Reveals Risks of Saving Passwords in Browsers appeared first on CISO MAG | Cyber Security Magazine.