While paying bills or purchasing products online, having your password saved on the site seems like a great time saver. It’s also a great way to get your password stolen.
A new report finds that the number of people whose passwords have been stolen by malware via browsers has jumped dramatically.
Read on for more information on how the malware attacks. We’ll also show you how you can protect your passwords.
Huge increase in password-stealing malware
New research from Kaspersky Lab finds that attacks from malicious software that aims to steal your passwords, and other sensitive information, are on the rise. In the first half of 2018, fewer than 600,000 people were targeted by password-stealing malware.
Kaspersky found that during the same period this year, the number of attacks rose to more than 940,000. That’s an increase of 60%.
The report also found that the malware targets sensitive data such as credit card numbers and autofill information by taking advantage of vulnerabilities in web-browsers. About 25% of those who contracted password-stealing malware were infected by Azorult.
Azorult is one of the most commonly bought and sold password-stealers in Russian forums, according to Kaspersky. In addition, the report stated that most of the time, this type of malware targets files found on the desktop.
But, why would criminals target desktop files? Desktops are more at risk, according to the report, because that’s where people tend to store the files they use most — including a list of passwords. The malware can be spread through emails containing infected attachments.
The most prized stolen data
Password stealer malware will collect any and all data it can. From browsers it collects:
- Passwords
- Autofill data
- Payment cards
- Cookies
It can also copy files from your device:
- All files from a specific directory (such as Desktop)
- Files with a specific extension
- Files for specific apps
It forwards system data such as:
- Operating system version
- User name
- IP address
The malware can also steal accounts from various applications, take screenshots, download files from the internet and more.
According to the Kaspersky report, “stolen data can be used to transfer funds to cybercriminal accounts, order goods or services, and, if the desire or opportunity is lacking to do it oneself, it can always be sold on to other cybercrooks.”
Protecting yourself from malware
First and foremost, do not use your browser’s password-saving function. Here are some other important tips to protect your data:
- Do not follow web links in unsolicited email messages because it could be a phishing attack. If you need to contact a business or website, make sure to type the web address directly into your browser to avoid a spoofed website.
- Set up two-factor authentication when available. That means in order to log in to your account, you need two ways to prove you are who you say you are.
- Use unique passwords instead of the same one over multiple websites. If your credentials are stolen from one site, it’s easy for the cybercriminal to get into other accounts.
- Use special software for storing online account passwords and bank card details. With our sponsor’s RoboForm Password Manager you can say goodbye to writing down passwords. Take advantage of this limited-time offer and get 50% off RoboForm password manager. The offer ends 9/30/2019.
- Back up your data. With our sponsor IDrive, you can backup all your PCs, Macs and mobile devices into one account for one low price. Go to IDrive.com and use promo code, Kim, to save 50% on 2 TB of cloud backup now. That’s less than $35 for the first year.
The hunger for browser data is showing no sign of slowing. The current collection of password-stealing malware is being actively supported, updated, and supplemented with new features.
For example, malware can now steal two-factor authentication data from apps that generate one-time access codes. So always remain vigilant and stay up to date on the latest cyberthreats.