A new virus called RedLine is stealing passwords from web browsers. Google Chrome, Microsoft Edge, Safari and Firefox thus become the target of those who have most of their online identity and accounts saved on their computers.
The malware (malicious program) is called 'Redline Stealer'; it can enter devices and obtain the passwords stored in our browser. It first appeared in 2020 on a Russian dark web site and can be purchased for between 150 and 200 dollars. Until recently it could even be found through a Telegram channel.
Its main ways of spreading are emails and the Google advertising that we find on websites, although it has also been found camouflaged as a photo editing program.
In Chromium-based web browsers, the password manager is active by default. When we log into a website, the information is stored in a file called “Login Data”.
Here, in addition to the username and password, we can find the URL of the website, the number of times we have accessed it, and the date of login, all compiled in an SQLite database file.
In case the user chooses not to save the password for the site, only the website information will appear in the table.
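To make that exposure concrete for defenders, here is an added example (not from the article) that reads the logins table of a Chromium "Login Data" SQLite file and reports which sites have a stored credential and which the user marked "never save", without decrypting anything. The column names are the ones Chromium is assumed to use (origin_url, date_created, times_used, blacklisted_by_user); the database rows are constructed sample data.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chromium stores timestamps as microseconds since 1601-01-01 UTC (WebKit epoch).
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_datetime(micros):
    """Convert a Chromium/WebKit timestamp to an aware datetime (None if unset)."""
    if not micros:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=micros)


def build_sample_login_data():
    """Constructed in-memory stand-in for a 'Login Data' file (sample rows, not real data).
    Column names are assumed to match Chromium's logins table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (origin_url TEXT, username_value TEXT, "
        "password_value BLOB, date_created INTEGER, times_used INTEGER, "
        "blacklisted_by_user INTEGER)"
    )
    rows = [
        ("https://mail.example.com/", "alice", b"v10\x00opaque", 13300000000000000, 42, 0),
        ("https://bank.example.com/", "alice", b"v10\x00opaque", 13310000000000000, 7, 0),
        # User chose "Never save" for this site: only the origin is stored, no credential.
        ("https://forum.example.org/", "", b"", 13305000000000000, 0, 1),
    ]
    conn.executemany("INSERT INTO logins VALUES (?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def saved_credential_exposure(conn):
    """Return (saved, never_save) lists: sites whose credential a stealer running as this
    user could reach, and sites with only a 'never save' marker. Passwords are not read."""
    saved, never_save = [], []
    cur = conn.execute("SELECT origin_url, date_created, times_used, blacklisted_by_user FROM logins")
    for origin, created, used, blocked in cur:
        entry = {"origin": origin, "created": webkit_to_datetime(created), "times_used": used}
        (never_save if blocked else saved).append(entry)
    return saved, never_save


if __name__ == "__main__":
    s, n = saved_credential_exposure(build_sample_login_data())
    print(f"{len(s)} site(s) have a saved credential that would be exposed:")
    for e in s:
        print(f"  {e['origin']}  used {e['times_used']}x  saved {e['created']:%Y-%m-%d}")
    print(f"{len(n)} site(s) marked 'never save' (no credential stored)")
```

To audit a real profile, point sqlite3.connect at a copy of the "Login Data" file (the browser keeps the original locked while running) instead of the constructed database.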
According to the latest report from Bleeping Computer, a specialized outlet for cybersecurity and cyber risks, the RedLine malware was able to steal essential consumer details such as passwords and email addresses. The virus was also able to obtain credentials, credit cards and browser cookies.
It also attacks via VPN
Security experts also explained that the credentials of various VPN and FTP clients were affected. In addition to stealing essential information, this dangerous malware can also steal cryptocurrency wallet accounts.
Another thing that makes this malware quite complicated is that it can install additional tracking software, carry out attacks, and execute commands on the infected device or system.
In an example presented by analysts, a remote employee lost VPN account credentials to RedLine Stealer actors, who used the information to hack into the company's VPN account three months later.
Although the infected computer had an anti-malware solution installed, it was unable to detect or remove RedLine Stealer.
The malware targets the "Login Data" file found in all Chromium-based web browsers, an SQLite database where usernames and passwords are stored.
While browser password stores such as those used by Chromium-based browsers are encrypted, information-stealing malware can programmatically decrypt the store as long as it runs as the same user.
Since RedLine runs as the infected user, it is able to extract the passwords from that user's browser profile.