Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
How malware steals autofill data from browsers
How malware steals autofill data from browsers
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 13,799
Threads: 9,248
Thanks Received: 8,903 in 7,078 posts
Thanks Given: 9,584
Joined: 12 September 18
#1
Exclamation  11 August 19, 09:48
Quote:
[Image: browser-data-theft-featured.jpg]

Most browsers kindly offer to save your data: account credentials, bank card details for online stores, billing address, name, and passport number for travel sites, and so on. It’s convenient and saves having to fill out the same forms all over again or worry about forgotten passwords. However, there is a catch: All of this autofill data can be scooped up by cybercriminals if your computer gets infected by a stealer — a piece of malware that steals information, including from browsers.

Such programs are becoming increasingly popular with online scammers: In the first half of this year alone, Kaspersky’s security products detected more than 940,000 stealer attacks. That is a one-third increase from the same period of 2018.

Strictly speaking, stealers are interested in more than just browsers’ autofill data — they are also looking for cryptocurrency wallets and gaming data, and they steal files from the desktop as well (we hope you don’t store valuable information there, such as password lists).

However, browsers have become a hub of work and play, including shopping, banking and more, and are often a source of far more confidential information than other programs. Let’s take a look at how stealers get their thieving hands on browser data.

How browsers store your autofill data

Browser developers seek to protect the information entrusted to them. To do so, they encrypt it, and decryption is possible only on the same device and from the same account that saved it. So if someone simply steals a file with autofill data, they won’t be able to use it — everything in it is securely encrypted.

But, there’s a but. By default, browser developers assume that your device and account are well protected, meaning that any program running from your account on your computer is acting on your behalf and therefore should be able to extract and decrypt saved data. Unfortunately, this also applies to malware that has penetrated the device and is running under your account.

The only browser that offers extra protection for stored data against third parties is Firefox, which allows you to create a master password that you have to enter when you need the data to be decrypted and used for autofill. However, this option is disabled by default.
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>