Saving password on Google Chrome? Read this and you might delete them NOW
You must have seen the prompt on Google Chrome and a couple of other web browsers when it asks your permission to save your password. It is very convenient, isn't it? And with Google using its AI tools to suggest which of those passwords have been compromised, it all seems safe to do it, right? Sadly, a recent incident proves otherwise.
Based on a research report from ASEC, a security company, passwords stored on web browsers can be easily stolen by a known malware called Redline Stealer. The malware has already hit a company after it managed to steal the credentials from one employee and transferred it to hackers. Three months later, the company's data was breached.
Redline Stealer steals saved passwords
The report says that the infostealer malware had infected the victim's WFH device earlier. The employee had saved all crucial passwords on the web browser. The PC had a antivirus software installed but the malware managed to steal all the data and evaded the detection as well.
Three months later, that company's data was breached a with the stolen passwords by the malware.
Even antivirus couldn't detect it
Similar to many companies, this employee's PC had a VPN installed to make for a secure work environment. However, the malware stole the password and credentials of the VPN software and used it later to hack all the data.
This Redline Stealer is a widely sold malware available for prices between $150 to $200. Hence, a lot of hackers could use this to get access to your data.
ASEC's AhnLab suggests that users should not save their passwords and other credentials on the web browser. Instead, a standalone password manager is a safer bet, especially if you have employed a security key or a two-factor authentication system. An even better way is to not save your password anywhere and try to remember it by heart.