Privacy Tip #315 – Redline Malware Used to Steal Saved Credentials

Robinson+Cole Data Privacy + Security Insider
Contact

Passwords are so difficult to remember. We all know we shouldn’t use the same or similar passwords across platforms. Stolen password credentials are dumped on the dark web and criminals use the stolen passwords to steal other data from victims, including frequent flyer miles, online banking credentials, cryptocurrency and other digital assets, and to get into employers’ systems. But passwords are so hard to remember….so we may be tempted when our chrome browser pop-up asks us if we want to save them.

A relatively new malware, dubbed Redline Stealer, gives us another reason why we shouldn’t be saving those passwords on our chrome (or other) browser. According to AhnLab ASEC, “Redline Stealer is an infostealer that collects account credentials saved to web browsers, which first appeared on the Russian dark web in March 2020.

In the case that Ahn Lab researched, the user had saved credentials to the company VPN through the browser on the laptop. The user, who was working from home, allowed everyone in the household to use the company laptop. It was infected with the malware through lax security measures, which allowed the threat actor access to the saved credentials to the company VPN and the attacker was able to infiltrate the company’s system through the compromised credentials.

According to Ahn Lab, “Although the account credentials storing feature of browsers is very convenient, as there is a risk of leakage of account credentials upon malware infection, users are recommended to refrain from using it and only use programs from clear sources.”

Resist the temptation to save credentials through your browser so you don’t give a threat actor easy access to your information and system or that of your employer.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.