This virus steals Chrome passwords and sells them on the Dark Web

Password managers are one of the best options we can use to access our online accounts. You are likely logged into dozens or even hundreds of web pages, and memorizing a unique password for all of them is almost impossible. For this reason, password managers make our lives easier, but a new virus is after them.

Using a password manager is a lesser evil. If you use the same password in different services, and one of them is hacked, the rest will become vulnerable. For this reason, the password manager is the best way to defend ourselves against these attacks, in addition to using two-step verification whenever we can.

However, AhnLab ASEC has found serious security problems in the password managers of our web browsers. While investigating a recent data breach, the company's investigators discovered that a company worker's login information had been obtained via his web browser.

RedLine: the malware that steals the most passwords

To do this, the hackers had used the RedLine malware, which costs between $150 and $200 (or $100 if paid monthly), to obtain the user’s login information. The antivirus did not detect the malware, which was probably distributed through a phishing email.

Once it enters a computer, the malware can steal credentials and browser data such as passwords, and collect information from the infected device; it can also download files to the device remotely to make the infection even more serious. The attacker can easily see which websites are stored, and even if they do not have direct access to the passwords, they can use social engineering to discover them. For example, if they know which bank we use, they can send us another phishing email posing as the bank and thus obtain the credentials. Currently, half of the stolen passwords on the Dark Web have been obtained using this malware.

For this reason, the researchers recommend disabling the password management tool included in the browser, but that option is perhaps too radical. The important thing is not to open files whose origin we do not know, and much less if they are attached to an email.

Alleged attack on the LastPass password manager

This attack has nothing to do with the crash that LastPass appears to have experienced. Last Monday, many users began to report that they had received an email from LastPass claiming that someone had tried to access their account using the master password. All attempts came from a range of IP addresses associated with Brazil.

The company has issued a statement saying that there is no evidence that hackers have accessed accounts without permission. Apparently, the attack relied on credentials stolen from other portals, which were used to try to access LastPass accounts that used the same password. The message warning that the master password had been used appears to have been sent by mistake to hundreds of users.