Home Office experts warn of a new type of malware that can steal information from our computers without us noticing.
Santiago, June 13, 2022 – Although allowing internet browsers like Chrome, Edge or Safari to remember our passwords makes our lives more comfortable, by doing so we can help computer criminals to steal those passwords and with that our accounts and money .
The above, warns the CSIRT Government (which makes its advice available at https://www.csirt.gob.cl/recomendaciones/), thanks to a type of malware known as thieves That is information thief, which, unlike other computer viruses, does not seek to infect the computer to quickly damage a program or capture the computer to demand a reward, as ransomware does, but instead stealthily investigates the computing device in the purpose of obtaining victim’s confidential data, such as usernames, passwords and credit card numbers.
So when we are infected by a thief, we can work quietly on our computers or smartphones and not realize that we are infected. And meanwhile, the cybercriminal steals information such as:
- Device credentials.
- Browser cookies.
- Users and passwords saved in the browser.
- Information about the auto-complete field.
- Cryptocurrencies from different digital wallets.
- Data such as IP address, country, city, username, keyboard layout, operating system, among others.
With such information, the cybercriminal could not only access the victim’s bank accounts, but also connect to the company where he works via VPN, thereby infecting the institution as well.
This type of malware is increasingly used by cybercriminals, mainly for three reasons:
- It makes it easy to get victim’s private data which otherwise might require more social engineering efforts.
- It does not require great technical knowledge to be used by cyber criminal.
- It’s marketed on the dark web as a service, a system called Malware as a Service (MaaS), where it’s possible to get thieves for around $100 a month or $200 for one-time use.
To obtain victims, different forms of propagation have been observed, some of the most used being:
- Phishing email campaigns asking to download office, PDF, RAR and ZIP files attached to an email.
- Also using YouTube, where they put malicious links in video descriptions.
- Also, on websites that offer to download pirated or cracked programs or fake installers, for example from Windows 11.
Fraud campaigns with thieves
One of the main sources of stolen credentials became RedLine Stealer, but other such software called: Raccoon Stealer, Taurus, AZORult, Mars Stealer, Inno Stealer and Vidar are also known.
In the case of RedLine Stealer, it first appeared in March 2020, sold indiscriminately to anyone on the dark web, unlike other tools whose use is more limited by specific groups of cybercriminals . However, different researchers have pointed out that the computer criminal group Lapsus$ which recently gained some notoriety for stealing significant amount of data from some world famous tech companies uses Redline Stealer among their tools to achieve their goals.
How to take care of yourself?
To reduce our exposure to this type of threat, the CSIRT Government (https://www.csirt.gob.cl/recomendaciones/) recommends the following measures:
- Enable second factor authentication in all accounts that allow it.
- Be aware and reinforce, among all members of the organization, the importance of not clicking on links that we do not know are safe (phishing).
- Avoid downloading software outside of vendor sites or online stores for your operating system (AppStore, Google Play, etc.)
- Do not save passwords or card numbers in the web browser.
- Regularly delete cookies.
- Install good antivirus and antimalware program from their own official websites or stores (such as Google Play and App Store).
- Implement systems such as DKIM, DMARC and SPF in institutional mail.
#Government #CSIRT #Warns #Powerful #Method #Steal #Internet #Passwords #TrendTIC