RedLine is malware designed to steal users’ credentials from their browsers. First identified in March 2020, it continued to target popular browsers such as Chrome, Firefox, and Opera in 2021. This is why you should not save passwords in your browser.
According to InfoSec Institute, the malware has been updated and now incorporates features such as exfiltration of credentials, cryptocurrency wallets, browser information, and FTP authentication data. It also collects details about the infected machine (OS information, processes, hardware, system language).
The autosave password feature may be convenient and save time. From a security standpoint, however, it is harmful to both users and organizations.
According to a report by AhnLab ASEC, a remote employee lost VPN account credentials to RedLine Stealer actors, who eventually used them to obtain illegitimate access to the company’s network.
The worst part is that the victim had anti-malware installed on their system, but it failed to detect this notorious malware.
Additionally, whenever a user refuses to save a password for a website, the browser’s password management system still adds an entry for that website to its blacklist.
So, even though the threat actors don’t have credentials for those blacklisted sites, they can identify the sites where the user has an account and possibly try credential stuffing or social engineering attacks.
Once the threat actor obtains stolen credentials, they either use them or sell them on dark web marketplaces.
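An added example, not from the original article: a read-only audit that inventories which sites a Chromium-style password store reveals, including the never-save entries described above. The `logins` table and its `origin_url` and `blacklisted_by_user` columns are assumed from Chromium's Login Data schema, and the rows are constructed sample data.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed Chromium-style schema: only the columns this audit needs.
SCHEMA = """CREATE TABLE logins (
    origin_url TEXT NOT NULL,
    username_value TEXT,
    password_value BLOB,
    blacklisted_by_user INTEGER NOT NULL DEFAULT 0)"""

def build_sample_db():
    """Constructed sample data standing in for a copy of a profile's store."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO logins VALUES (?, ?, ?, ?)", [
        ("https://vpn.example.com/login", "jdoe", b"<encrypted>", 0),
        ("https://mail.example.org/", "jdoe@example.org", b"<encrypted>", 0),
        ("https://bank.example.net/signin", "", b"", 1),   # user chose "Never"
        ("https://hr.example.com/portal", "", b"", 1),     # user chose "Never"
    ])
    return db

def audit_password_store(db):
    """Return hosts with saved credentials and hosts on the never-save list.

    password_value is never read: the point is what the store reveals
    even without any secret in it.
    """
    report = {"saved": set(), "never_save": set()}
    rows = db.execute("SELECT origin_url, blacklisted_by_user FROM logins")
    for origin_url, blacklisted in rows:
        host = urlsplit(origin_url).hostname or origin_url
        report["never_save" if blacklisted else "saved"].add(host)
    return {k: sorted(v) for k, v in report.items()}

def exposed_hosts(report):
    """Every host that this store ties to the user, with or without a password."""
    return sorted(set(report["saved"]) | set(report["never_save"]))

if __name__ == "__main__":
    report = audit_password_store(build_sample_db())
    print("Saved credentials :", report["saved"])
    print("Never-save entries:", report["never_save"])
    print("Hosts revealed    :", exposed_hosts(report))
```

The same report doubles as a cleanup list: each host it names is an entry to remove from the browser once the account has been moved to a password manager.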
Don’t Save Passwords on Your Browser
Saving your password on your browser is risky: besides the risk of a credential leak in case of a malware attack, a person who has remote access to your machine can view your passwords.
So, it is highly advisable to use one of the best password managers, such as 1Password, LastPass, or Dashlane.
Another password security best practice is to use multi-factor authentication. So, even if your credentials are compromised, the threat actor can’t access your account.