The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera. We tell clients to stop storing their passwords in browsers and to use a password locker instead. AhnLab ASEC warns that relying on browser auto-login to get onto your sites is becoming a very large security problem for both organizations and individuals. AhnLab ASEC showed a case in which a remote employee lost VPN account credentials to RedLine Password Stealer, and the actors used that information to break into the company's network three months later. The employee's computer had anti-malware installed, but RedLine Stealer was able to evade its scans. According to AhnLab ASEC, the malware looks for the SQLite database where usernames and passwords are saved: the 'Login Data' file found in all Chromium-based web browsers.
To make it worse, the malware can be purchased for about $200 on cyber-crime forums and deployed by novice script kiddies or your mom with her subscription to Reddit.
The part below is drawn from an article posted by Bill Toulas of BleepingComputer.
While browser password stores are encrypted, such as those used by Chromium-based browsers, information-stealing malware can programmatically decrypt the store as long as they are logged in as the same user. As RedLine runs as the user who was infected, it will be able to extract the passwords from their browser profile.
“Google Chrome encrypts the password with the help of the CryptProtectData function, built into Windows. Now while this can be a very secure function using a triple-DES algorithm and creating user-specific keys to encrypt the data, it can still be decrypted as long as you are logged into the same account as the user who encrypted it,” explains the author of the ‘chrome_password_grabber’ project.
“The CryptProtectData function has a twin, who does the opposite to it; CryptUnprotectData, which… well you guessed it, decrypts the data. And obviously this is going to be very useful in trying to decrypt the stored passwords.”
Even when users refuse to store their credentials on the browser, the password management system will still add an entry to indicate that the particular website is “blacklisted.”
While the threat actor may not have the passwords for this “blacklisted” account, it does tell them the account exists, allowing them to perform credential stuffing or social engineering/phishing attacks.
After collecting the stolen credentials, threat actors either use them in further attacks or attempt to monetize them by selling them on dark web marketplaces.
An example of how widely popular RedLine has become for hackers is the rise of the ‘2easy’ dark web marketplace, where half of all the data sold was stolen using this malware.
Another recent case of RedLine distribution is a website contact form spamming campaign that uses Excel XLL files that download and install the password-stealing malware.
It’s like RedLine is everywhere right now, and the main reason behind this is its effectiveness in exploiting a widely available security gap that modern web browsers refuse to address.
No longer in the voice of Bill Toulas, how do we stop this?
Cy-Quest Global offers a password locker. By using it you no longer need to store your login credentials in your web browser. As suggested by many security experts, use a different password for each sensitive website, such as your bank and your children’s school sites, and enter your credentials manually. Finally, activate multi-factor authentication wherever it is available; this additional step can save you from account take-over incidents even if your credentials have been compromised.
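As an added example (not code from this post, from Cy-Quest, AhnLab or BleepingComputer), the Python script below is the kind of endpoint check that verifies the "don't store passwords in the browser" policy above: it reads a Chromium-family 'Login Data' file, counts the saved credentials and lists the "Never save" entries the article mentions, without ever touching the encrypted password_value column. The column names follow Chromium's `logins` table; the profile paths are assumed defaults and the sample rows are constructed.

```python
# Audit a Chromium-family 'Login Data' store without decrypting anything: list sites with a saved
# credential and sites marked "Never save" (blacklisted_by_user = 1), both plaintext columns.
# Column names follow Chromium's 'logins' table; PROFILE_PATHS are assumed defaults; rows are constructed.
import os
import shutil
import sqlite3
import tempfile

PROFILE_PATHS = [  # relative to %LOCALAPPDATA% on Windows
    r"Google\Chrome\User Data\Default\Login Data",
    r"Microsoft\Edge\User Data\Default\Login Data",
    r"Opera Software\Opera Stable\Login Data",
]

def audit_login_data(conn):
    """Return (saved_origins, never_save_origins) from an open Login Data connection."""
    rows = conn.execute("SELECT origin_url, blacklisted_by_user FROM logins ORDER BY origin_url")
    saved, never_save = [], []
    for origin, blacklisted in rows:
        (never_save if blacklisted else saved).append(origin)
    return saved, never_save

def audit_file(path):
    """The running browser locks the live file, so audit a temporary copy."""
    with tempfile.TemporaryDirectory() as tmp:
        copy = os.path.join(tmp, "Login Data")
        shutil.copy2(path, copy)
        conn = sqlite3.connect(copy)
        try:
            return audit_login_data(conn)
        finally:
            conn.close()  # release the copy so the temp dir can be deleted

def constructed_store():
    """In-memory stand-in for a real Login Data file (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB, blacklisted_by_user INTEGER)")
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?, ?)", [
        ("https://mail.example.com/", "jdoe", b"<encrypted blob>", 0),
        ("https://vpn.example.com/", "jdoe", b"<encrypted blob>", 0),
        ("https://bank.example.com/", "", b"", 1),  # user clicked "Never save"
    ])
    return conn

if __name__ == "__main__":
    print("demo (saved, never-save):", audit_login_data(constructed_store()))
    local = os.environ.get("LOCALAPPDATA")  # set on Windows only
    for rel in PROFILE_PATHS if local else []:
        if os.path.exists(os.path.join(local, rel)):
            print(rel, audit_file(os.path.join(local, rel)))
```

Any non-empty result for a profile means credentials (or at least the list of sites the user logs into) sit on disk for any process running as that user, which is exactly what RedLine collects.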
There is noticeably a bundle to learn about this. I assume you made some good points in the options also.
Top site, amazing post! Just keep up the work!
I know this is off topic but I’m looking into starting my own weblog and was wondering what all is needed to get set up? I’m assuming having a blog like yours would cost a pretty penny? I’m not very internet smart so I’m not 100% positive. Any recommendations or advice would be greatly appreciated. Kudos
No, it does not cost us anything other than the hosting. Many of the blogs are written in-house.
Also a thing to mention is that an online business administration training is designed for college students to be able to easily proceed to bachelor’s degree programs. The 90-credit college degree meets the lower-division bachelor’s degree requirements, and when you earn your associate of arts in BA online, you should have access to the most up-to-date technologies in this field. Some reasons why students would like to get their associate degree in business are that they may be interested in the field and want to receive the general education and learning necessary prior to jumping right into a bachelor’s diploma program. Many thanks for the tips you actually provide within your blog.
As a Newbie, I am constantly browsing online for articles that can help me. Thank you
Very nice post. I just stumbled upon your weblog and wished to mention that I’ve really enjoyed surfing around your weblog posts. After all I will be subscribing to your rss feed and I hope you write again very soon!
Excellent blog right here! Also, your site loads up very fast! What host are you using? Can I get your affiliate link for your host? I want my site loaded up as quickly as yours lol
If you look at cy-quest.com, at the very bottom there is a clickable link.
Just checking in to show my agreement. Your piece is well written. Nice job!
I truly appreciate this post. I have been looking all over for this! Thank goodness I found it on Bing. You’ve made my day! Thx again
Please tell me more about your excellent articles
Thanks for posting. I really enjoyed reading it, especially because it addressed my problem. It helped me a lot and I hope it will help others too.
Sustain the excellent work and producing in the group!
Great beat! I would like to apprentice while you amend your web site. How could I subscribe to a blog site? The account helped me an acceptable deal. I had been a little bit acquainted with this; your broadcast provided a bright, clear concept.
Can you write more about it? Your articles are always helpful to me. Thank you!
Your articles are extremely helpful to me. Please provide more information!
Thank you for sharing this article with me. It helped me a lot and I love it.
I’d like to find out more. I’d love to find out more details.
Thank you for writing this post. I like the subject too.