Don't use your browser's password manager
-
RedLine malware shows why passwords shouldn't be saved in browsers
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.
This malware is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.
However, a new report by AhnLab ASEC warns that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem affecting both organizations and individuals.
In an example presented by the analysts, a remote employee lost VPN account credentials to RedLine Stealer actors who used the information to hack the company's network three months later.
Even though the infected computer had an anti-malware solution installed, it failed to detect and remove RedLine Stealer.
The malware targets the 'Login Data' file found on all Chromium-based web browsers and is an SQLite database where usernames and passwords are saved.
Using your web browser to store your login credentials is tempting and convenient, but doing so is risky even without malware infections.
By doing so, a local or remote actor with access to your machine could steal all your passwords in a matter of minutes.
Instead, it would be best to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.
Moreover, you should configure specific rules for sensitive websites such as e-banking portals or corporate asset webpages, requiring manual credential input.
Finally, activate multi-factor authentication wherever this is available, as this additional step can save you from account take-over incidents even if your credentials have been compromised.
Okay then, how about Last Pass?
LastPass users warned their master passwords are compromised
Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations.
The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide.
"Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.
"LastPass blocked this attempt, but you should take a closer look. Was this you?"
Reports of compromised LastPass master passwords are streaming in via multiple social media sites and online platforms, including Twitter, Reddit, and Hacker News (original report from Greg Sadetsky).
LogMeIn Global PR/AR Senior Director Nikolett Bacso-Albaum told BleepingComputer that "LastPass investigated recent reports of blocked login attempts and determined the activity is related to fairly common bot-related activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services."
"It’s important to note that we do not have any indication that accounts were successfully accessed or that the LastPass service was otherwise compromised by an unauthorized party. We regularly monitor for this type of activity and will continue to take steps designed to ensure that LastPass, its users, and their data remain protected and secure," Bacso-Albaum added.
However, users receiving these warnings have stated that their passwords are unique to LastPass and not used elsewhere. BleepingComputer has asked LastPass about these concerns but has not received a reply as of yet.
So, Happy New Year, and buy yourself a notebook and a pen.
