Cybersecurity experts are warning the public, especially people working from home, of the dangers of storing passwords on browsers such as Chrome and Edge. The caution follows the arrival of a cheap and accessible piece of malware.
Discover our latest podcast
Malware Attack
This malware, known as Redline Stealer, is being sold on the dark web for as little as £111.
The team at security firm, AhnLab, gave the warning about this emerging threat, after they dealt with a security breach affecting a company whose staff work remotely. The researchers explained:
The company where the damage occurred provided VPN [virtual private network] service to employees who were working from home to give access to the company’s internal network, and the employees connected to the VPN on the provided laptops or their PCs.
According to the publication, the targeted employee used the password management feature on the web browser to save and use the VPN account.
While doing so, the PC was infected with malware targeting account credentials, leaking accounts and passwords of various sites, which also included the VPN account of the company.
How Much of a Threat?
The UK government has recently warned that employers should expect more of their staff working from home as Covid-19 continues to spread, increasing the risks of hacks such as this one.
Most people use the password management feature on their browsers to save passwords for easy login.
Redline Stealer, which first appeared on the Russian dark web, works by targeting the database file where the account and password information is stored. It is spread through phishing tactics from hackers.
The researchers wrote:
Redline Stealer first appeared in March 2020, and phishing emails abusing the issue of Covid-19 were used. It is known that the malware was then distributed in various methods such as phishing emails, abusing of Google advertisements, and disguising as a photo editing program.
But there’s no cause for alarm - yet - as the threat from this malware is not widespread at this point. It is also likely that browser companies will adapt to make their products more secure in future updates.
