Password Stealer Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/password-stealer/ (tag feed, retrieved Fri, 18 Nov 2022)

Is It Safe to Use a Password Manager in 2022?
https://gridinsoft.com/blogs/is-it-safe-to-use-a-password-manager/ – Fri, 10 Jun 2022

What’s the Idea Behind Password Managers?

In the real world, passwords work. Only in the movies do hackers effortlessly bypass or crack them; a strong password still provides solid protection for your data.

Since an average internet user now has accounts on dozens of online services, remembering every password becomes a serious nuisance, and using anything beyond social media or email becomes inseparable from the tedious “forgot password” procedure.

Interface of Dashlane, one of the most trusted and popular password managers.

To remove this friction and at the same time improve data security, password managers were invented. Are they secure, and should you use them? That is what this post is about.

Is It Safe to Use Password Managers?

The programs in question store passwords for different accounts and automatically fill them into the respective websites’ login forms. They also generate a strong, unique password for each account, saving the user the trouble of inventing one. So the client keeps all of these extremely strong passwords in one box and enjoys auto-filled forms. That does not sound secure at all, you might say, and without certain protective measures you would be right: a service that collected all your keys in one place without proper protection would jeopardize passwords rather than manage them wisely, making them easy prey.

However, there are high-end password managers whose security mechanisms turn them into digital fortresses. That does not mean every safety issue is solved (we will come to that further down), but in most cases a password manager is helpful and handy.

Security Features

  • The first thing that must be said is that good password managers use a so-called zero-knowledge architecture. Your vault is encrypted on your own device with a key derived from your master password, and only the encrypted result ever leaves it. The provider never receives the master password or the key, so nobody but you can read the stored passwords; the manager does not “know” them either.
  • The vault is usually synchronized through the vendor’s cloud storage. Any connection between your PC and the cloud is itself encrypted (TLS, the mechanism we described in our post on SSL certificates: a combination of asymmetric and symmetric encryption), and the vault travelling inside that connection is already encrypted end to end. Briefly speaking, should hackers get hold of the data stored on the password manager’s cloud servers, they would obtain only ciphertext that is useless without your master password.
    (Image: asymmetric encryption is the key to safe encrypted connections in modern communications.)
  • Password managers also audit your stored credentials: they flag weak, reused or leaked passwords, help you rotate them, and warn you about weaknesses in your login-password combinations.
  • Logging into the manager can be protected with two-factor authentication. 2FA means that, in addition to entering your master password, you confirm your identity with another device, an authenticator app or a hardware key.
  • Although a breach of the provider yields only encrypted vaults, some password manager vendors monitor the Internet for leaks and breaches, including leaks of your other accounts’ credentials, and inform users about them as soon as possible.

If you make up your mind to purchase a password manager, make sure the program you have chosen supports the features mentioned above.

Can a Password Manager Still Be Hacked?

Master Password – the Key to the Kingdom

A password manager hack is theoretically possible, although extremely unlikely, and the target of such an attack will almost never be the cipher protecting the vault. Attackers need your master password, the key that opens the chest holding the rest of your keys for different accounts. Most likely they will look for a vulnerability in your habits and use social engineering; for instance, they may try to get the password out of you by posing as the developers of your password manager.

Making Your Master Password Strong

Therefore, a brief reminder of what makes a password strong: it should combine digits, letters of both cases and special characters, and it must be long (at least twelve characters). It should not be built from a meaningful word, a name or anyone’s date of birth, because criminals often run spear-phishing attacks, personalized attacks in which they already know something about the victim. And, understandably, the key to the password manager should never be given to anyone. Consider reading the guide to creating strong passwords on our blog.

What About Malware?

But that is not all, because we should not forget about malicious programs. If we have just assumed that hackers might try to crack your password by brute force, we should also know that they can take an easier route: infecting your device with spyware. We do not mean spyware that quietly collects some data in the background while you browse; we mean the most dangerous members of that class, keyloggers and screen loggers. The first capture keystrokes, the second ship everything that happens on your screen to the attackers’ server. An on-screen keyboard defeats a plain keystroke logger, but it does nothing against a screen logger, and a master password typed on an infected machine should be considered exposed either way.

Both of these programs can be hidden from human eyes with the help of a rootkit, another powerful hacker tool. Finding such programs on your computer means it has been at risk all this time, and every password entered since the infection, the master password included, should be changed from a clean device.

Security Solutions

However, to prevent malware from penetrating your device, and to remove it should it get in, there are antiviruses such as GridinSoft Anti-Malware. It offers three types of protection: on-run protection, deep scanning and browsing protection. The first destroys an infection on approach; the second, the scan, helps you find well-hidden malware; the third blocks malicious sites and warns you about them.

Unquestionable Benefits of Password Managers

Although the threats mentioned above can never be ruled out entirely, they are unlikely. Setting them aside, we have to admit that password managers have some unquestionable benefits for the user, at least in comparison with the password habits of an average Internet user.

  1. Increased security. A machine generates strong passwords better than a human does, and it makes them unrelated to anything meaningful. The manager also stores your credentials protected with strong cryptography: AES with a 256-bit key is no joke and can be treated as unbreakable by brute force, at least for today. The practical weak point is the master password from which the key is derived, not the cipher itself.
  2. Password managers make browsing and everyday Internet activity far easier. On the one hand, your data becomes better protected. On the other hand, the whole password-related fuss disappears: you no longer need to invent passwords, note them somewhere just in case, forget them later and reset them to get back into your account.
  3. Password managers are an effective countermeasure against phishing and, more specifically, website spoofing. A well-made fake website can catch even an experienced user off guard. Imagine you land on a typo-squatting page that looks exactly like the site you intended to visit. You have not noticed your typo, and as the page loads you see the familiar sign-in form. There is a high chance that a user, let alone a tired one, notices nothing and types the login and password straight into the credential-stealing form prepared by the malefactors. A problem for a human, however, is no problem for a machine. Your password manager matches saved credentials against the site’s address, so it will refuse to auto-fill the form if the address differs, even by a single character. That silent refusal is your warning sign.

Meta Infostealer Malware Spread via Spam
https://gridinsoft.com/blogs/meta-infostealer-malware/ – Tue, 12 Apr 2022

Meta, a newly crafted information-stealing malware, is being distributed via a vast spam spree. The mechanism used to deliver the stealer in this campaign is already well known. However, Meta is now a mainstream tool among hackers, so further attacks featuring this software, with different scenarios, are inevitable. This article explains how the current malspam scheme works, and we also share the story behind the infostealer.

READ ALSO: Spyware vs. Infostealer – what’s the difference?

The information provided within the current article, including the images, is courtesy of Brad Duncan, an independent cybersecurity analyst, the man behind the malware-traffic-analysis.net blog.

Spam Campaign Details

The Meta infostealer gets into the victim’s computer through an email with an attachment. Experienced users already treat unsolicited attachments as something to stay away from, but someone might still buy into it. The bait is classic: you have received a payment, and there is a little paperwork to be done before you get your money.

Meta Stealer infection scheme, provided by Brad Duncan. Source: isc.sans.edu

After the user downloads the attachment (an Excel spreadsheet in the current campaign), the file, just as expected, asks for permission to enable macros. The sheet displays a DocuSign image to look more persuasive, although this makes no sense: the document is already downloaded, so nothing is being signed. If the victim consents, the enabled macro code (VBA) starts downloading components from several sources.

The attached Excel file with a DocuSign seal asks the user to enable macros. Source: isc.sans.edu

The downloaded payload is either base64-encoded (a scheme that presents binary data as text) or stored with its byte order reversed. Both methods increase the malware’s chances of passing undetected by antivirus programs, since neither form looks like an executable until it is decoded. The fetched content consists of *.dll and *.exe files.

Reversed byte order in the downloaded DLL. Source: isc.sans.edu

The hacker’s plan succeeds once a malicious executable is assembled on the victim’s computer and starts sending data to the server at 193[.]106[.]191[.]162. The file is named ‘qwveqwveqw’, and it even creates a system registry entry for itself. Meta steals credentials from cryptocurrency wallets and web browsers, namely Chrome, Firefox and Edge. It also alters PowerShell and Windows Security settings, adding an exclusion so that *.exe files are not examined by the antivirus.

Meta-generated network traffic. Source: isc.sans.edu

Brief information on Meta malware

The hacker community quickly reacted to the suspension of the Raccoon Stealer malware. Its operators stopped selling and supporting the tool after, according to their own announcement, one of the developers was killed in the war in Ukraine. Meta, advertised as the successor of RedLine, is one of several stealers that arrived to occupy the vacant niche. Its monthly price on the 2Easy botnet marketplace is $125, and a lifetime subscription costs $1000. For a more thorough analysis of the Meta malware, consider reading the original report by Brad Duncan on the Internet Storm Center security forum.

RELATED: Why is the 2easy trading platform gaining popularity?

What Is Password Stealer And How Dangerous Is It?
https://gridinsoft.com/blogs/pws-threat-dangerous/ – Thu, 27 Jan 2022

Password stealers, or PWS, are a specific malware type that attempts to get hold of your passwords and other credentials. These viruses have been quite widespread over the last seven years, giving cybercriminals access to the accounts of various individuals and companies. Yet many users do not know how they work or how to avoid infection. Let me explain.

Are password stealers worth being afraid of?

Imagine that one day every password you have typed to log into your accounts became compromised. That is an unwanted event for an ordinary user and complete doom for large corporations, top management and celebrities, who keep many important details in their accounts. Even if the cybercriminals never actually log in with these credentials, the fact that they have them is reason enough to worry.

People often underestimate the danger of such situations. Some password stealer attacks are aimed at a specific person, intending to get his or her sensitive credentials. Meanwhile, once the login and password have been stolen with the help of this virus, your account may be enrolled in a spamming campaign.

Besides identity loss and the possible leakage of some essential data, you may also suffer reputation problems. Nothing stops cyber burglars from posting fake information or false claims that tarnish your reputation. You could watch such a situation unfold in July 2020. A group of cybercriminals got hold of Twitter employee credentials (Twitter attributed the intrusion to a phone spear-phishing attack on its staff rather than to malware) and used the internal tools to post from a chain of celebrity accounts. In those messages the fraudsters offered cryptocurrency giveaways under the names of Bill Gates, Elon Musk, Jeff Bezos and other well-known personalities. The employee whose account was used to commit the 100k+ fraud was fired less than a week later. Still thinking it is not dangerous?

How does it work?

The general workings of a stealer virus are easy to explain even to a non-technical person. After being delivered to your PC, the malware first changes security settings and networking configuration. Microsoft Defender is the first item under attack, since malware running with administrative rights can disable it through the Group Policy registry keys. Then the virus may suppress UAC notifications so that privileged operations proceed without your additional approval. People often disable that function themselves, since it annoys more than it protects.

Next, the virus changes networking settings to establish a connection with its command-and-control server. The efficiency of a PWS virus depends on the number of credentials it uploads to that server, so there is no point in deploying it without making sure the service is reachable. Primarily, the malware uses console commands to establish these connections.

The action starts

After these system changes, the password stealer is ready to do its job. It logs the keystrokes you type into specific fields on websites, so every password you enter after the infection is compromised. This is hard to prevent, because the virus can capture keystrokes at the driver level, below the browser; any password protection on the web page itself is useless against it.

Some password stealers also break into the browsers’ built-in credential stores (the “keychains”) and take the saved passwords from there. These stores are usually encrypted, but the key is typically available to any program running under the same user account, so a stealer can often decrypt them without any brute force; lesser-known Chromium-based browsers may use weak or no encryption at all, making the job even easier. This way your credentials are taken even if you never type them.

In contrast to its “brother”, spyware, password stealers are usually used in targeted attacks. As I have mentioned, there are many examples of successful PWS attacks on the accounts of celebrities and media personalities. Targeted attacks always carry more danger than mass ones, even if it looks like the other way around. Of course, committing a mass attack is no problem, but its questionable efficiency stops the crooks. When not targeted, PWS malware is spread within small groups of people, such as Discord servers or subreddit threads.

How can this virus get on my PC?

Cybercriminals are very inventive when it comes to malware distribution. The majority of password stealer infections happen through email spam. A rarer case is receiving the virus inside an application; the virus is then called a trojan-stealer, since it is disguised as a legitimate program.

Email spam has been a real scourge of the last two years. Cyber burglars attach infected files to a legitimate-looking email and bait the victim into opening them. Usually a password stealer hides inside a macro, a script embedded in a Microsoft Office document. The macro is written in Visual Basic for Applications and runs inside a trusted application, which lets it slip past controls that would stop an unknown executable. By default, macros are disabled for any document, but when Office detects one in the opened file, it offers the user to enable them. Inattentive or naive people may click “Enable Content” and only think about what they did afterwards, when it is already too late to change anything.

Distribution as a trojan also requires new ideas. You may be scrolling a discussion on Discord, for example, and see someone asking people to test a new utility they have written. The virus waits for you right inside this “program”. Sometimes you see a download link (or the file itself) promoted as a special tool for system optimization or bug fixing. As mentioned earlier, such offers are usually made in a closed community interested in exactly such tools, so the attack efficiency is extremely high.

Is it possible to protect my computer from the password stealer virus?

Of course. The problem is that a stealer is much harder to detect than adware or browser hijackers: antivirus programs without proactive protection cannot spot the threat if it does not match a signature in their database. Proactive protection, driven by a heuristic engine, can detect malware even when nothing similar exists in the detection databases. This system monitors each application’s activity and notifies you if it sees something suspicious. GridinSoft Anti-Malware offers On-Run protection, a mechanism based on a heuristic engine developed and tuned by a team of professionals. Choose your security tool wisely!
