Password autosaving might be dangerous due to RedLine malware

February 1, 2022

A new report revealed that autosaving passwords in popular web browsers such as Edge, Opera, and Chrome could be dangerous because of an info stealer called RedLine. Threat actors can acquire this info stealer by purchasing it on the dark web for a low price of $200. According to recent observations, even amateur hackers can quickly deploy the RedLine malware without much effort or expertise.

Researchers also added that saving a password on a company device’s browser can be lethal to both the account owner and the company. For example, a remote employee lost VPN account details to RedLine operators who utilised the information to hack company networks.

Unfortunately, although the infected device had an anti-virus solution installed, it did not detect or eradicate the RedLine malware.

 

RedLine malware is a versatile threat that malicious threat actors can use for various attacks.

 

The malware targets the Login Data file found in all Chromium-based browsers, an SQLite database where usernames and passwords are stored. Even when individuals do not save their credentials in the browser, the password management functionality will still add an entry to signal that the specific website is banned from password saving.

Although the malware’s operators may not have the password for banned accounts, the entry does signal to them that the account exists in the browser. Therefore, the signal allows them to carry out social engineering, credential stuffing, and phishing attacks.
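To see what a profile exposes, a defender can audit a copy of the Login Data file without touching any password. The sketch below is an added example, not code from the report or this article: the column names are an assumed subset of Chromium's `logins` table, and the hosts, rows and function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed subset of the columns in Chromium's `logins` table.
SCHEMA = """CREATE TABLE logins (
    origin_url TEXT NOT NULL,
    username_value TEXT,
    password_value BLOB,
    blacklisted_by_user INTEGER NOT NULL DEFAULT 0)"""

# Constructed sample rows: placeholder hosts, dummy bytes instead of real blobs.
SAMPLE_ROWS = [
    ("https://vpn.example.com/login", "alice", b"\x01\x02", 0),
    ("https://mail.example.com/", "alice@example.com", b"\x03", 0),
    ("https://bank.example.net/signin", "", b"", 1),  # user chose "never save"
    ("https://vpn.example.com/login", "svc-admin", b"\x04", 0),
]

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO logins VALUES (?,?,?,?)", SAMPLE_ROWS)
    return conn

def audit_logins(conn, watched_suffixes=()):
    """Summarise exposure per host; only the blob length is read, never its content."""
    report = {}
    rows = conn.execute(
        "SELECT origin_url, blacklisted_by_user, length(password_value) FROM logins")
    for origin, blacklisted, pw_len in rows:
        host = urlsplit(origin).hostname or origin
        entry = report.setdefault(host, {"saved": 0, "never_save": 0, "watched": False})
        if blacklisted:
            entry["never_save"] += 1  # no password, but the site's use is revealed
        elif pw_len:
            entry["saved"] += 1       # stored credential an info stealer can take
        entry["watched"] = any(
            host == s or host.endswith("." + s) for s in watched_suffixes)
    return report

def policy_violations(report):
    """Watched hosts (e.g. a corporate VPN) with credentials saved in the browser."""
    return sorted(h for h, e in report.items() if e["watched"] and e["saved"])

if __name__ == "__main__":
    rep = audit_logins(build_sample_db(), watched_suffixes=("vpn.example.com",))
    print(rep)
    print("violations:", policy_violations(rep))
```

To audit a real profile, pass `audit_logins` a connection opened on a copy of the Login Data file, since the browser keeps the original locked while it is running.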

After gathering the stolen credentials, threat actors can either utilise the data in future attacks or try to monetise them by selling them to users of dark web markets. The RedLine malware is widely used right now because of its effectiveness, simplicity, and low price, abusing a security gap that modern web browsers have not fixed.

Experts stated that using a web browser to store login credentials is tempting and less hassle for users, but it is also risky on any device. Therefore, it is best to use a dedicated password manager that stores all passwords in an encrypted vault that the user can only access via a master key.

Autosaving passwords on web browsers is not entirely dangerous as long as the device is well protected and the user is not prone to any cyberattack that can compromise their device.
