2021-12-30

For convenience, many users save their passwords with the tools built into browsers such as Chrome, Edge, Safari and others: a store where you can easily access your passwords without having to remember them. However, this can be a double-edged sword, since browser password managers are the least secure of their kind, and ‘Redline Stealer’ is the greatest proof of that.

Security firm AhnLab ASEC has reported on malware capable of stealing the passwords stored in our browser. The most dangerous part is how easy it is to obtain and to get onto the victim’s computer.

Malware that can be purchased for about $150




‘Redline Stealer’ is the name given to this malware, which is capable of breaking into our system and getting the passwords stored in our browser. It first appeared in 2020 on a Russian dark web website and can be purchased for between about 150 and 200 dollars. Until recently it could even be found through a Telegram channel.

The tool has already been obtained by multiple unknown individuals, and the access details obtained through this malware have also been sold on the dark web. Its main ‘means of transport’ are e-mails and Google advertising that we can find on websites, although it has also appeared ‘camouflaged’ in the form of a photo editing program.

The ‘Login Data’ file is the main target

In Chromium-based web browsers, the password manager is active by default. When we log into a website, the information is saved in a file called ‘Login Data’. Here, in addition to the username and password, we can find the URL of the website, the number of times we have accessed it, and the login date, all compiled in a SQLite database file. If the user chooses not to save the password for the site, only the website information will appear in the table.

The objective of this malware is to gain control of this file once it has accessed the system by one of the aforementioned routes, although that is not the only thing it is capable of. Redline Stealer can also obtain information about cookies, the autocomplete tool, our bank cards, cryptocurrency wallets, and even the hardware we use and the processes running on our system.
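One way a defender can watch for the file access described above, as an added example that is not from the article or from AhnLab's report: flag any process other than an installed browser that opens ‘Login Data’ or the related profile files. The event lines are constructed, the field names are modelled on Windows Security event 4663, and the allowlist and trusted directories are assumptions.

```python
import json
from pathlib import PureWindowsPath

# 'Login Data' is the file named in the article; 'Web Data' (autofill, cards)
# and 'Cookies' are the other Chromium profile files, added here.
SENSITIVE_FILES = {"login data", "web data", "cookies"}
# Assumption: machine-wide browser installs only; extend for per-user installs.
ALLOWED_BROWSERS = {"chrome.exe", "msedge.exe"}
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ObjectName": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ProcessName": "C:\\Users\\ana\\AppData\\Local\\Temp\\PhotoEditorSetup.exe", "ObjectName": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ProcessName": "C:\\Users\\ana\\Downloads\\chrome.exe", "ObjectName": "C:\\Users\\ana\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Cookies"}
{"ProcessName": "C:\\Windows\\System32\\notepad.exe", "ObjectName": "C:\\Users\\ana\\Documents\\notes.txt"}
this line is not JSON and is skipped
"""

def is_suspicious(event):
    """True when a sensitive profile file is opened by anything but an installed browser."""
    if PureWindowsPath(event["ObjectName"]).name.lower() not in SENSITIVE_FILES:
        return False
    proc = event["ProcessName"].lower()
    image = PureWindowsPath(proc).name
    # A browser file name alone is not enough: it must also run from a trusted directory.
    return not (image in ALLOWED_BROWSERS and proc.startswith(TRUSTED_DIRS))

def find_suspicious(text):
    """Return (process, file) pairs for every suspicious access in the event text."""
    hits = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        if not isinstance(event, dict) or not {"ObjectName", "ProcessName"} <= event.keys():
            continue
        if is_suspicious(event):
            hits.append((event["ProcessName"], event["ObjectName"]))
    return hits

if __name__ == "__main__":
    for proc, obj in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT: {proc} opened {obj}")
```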

The fact that information of this caliber is saved locally in a file that is not even encrypted makes you think about the danger of the password managers in major web browsers. If you want to go this route, from Genbeta we recommend that you use a reliable third-party password manager. In this article we mention some of the best, all completely free.