Password-stealing malware is on the rise again, with several attacks making the news cycle in recent months.
A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities.
Further analysis of password-stealing malware has also revealed that one strain in particular, RedLine, is responsible for around 170 million passwords stolen in the last six months.
Still, there were other password-stealing malware variants available on the market for hackers to leverage, with the next three most popular credential-stealing malware being Vidar, Raccoon Stealer and Meta.
The credentials extracted by this type of malware are sold on the dark web and used to steal information and money from victims, especially from those who reuse the same passwords across other accounts.
Password reuse is a problem that persists in the business world: if employees reuse work passwords on sites or devices vulnerable to malware, the compromised passwords can end up in circulation and be exploited by attackers at scale.
The following overview of the top three password-stealing malware families is intended to give security professionals and businesses the knowledge to defend themselves, their users, and their users' passwords against the latest threats.
The RedLine malware was first identified in March 2020 and surged in notoriety as a highly sought-after information stealer.
The harvested information is then funneled to the malware's command-and-control infrastructure.
A notable attribute of RedLine is that it is often bundled with cryptocurrency miners, whose prime targets are users with powerful GPUs, i.e., gamers.
Phishing is the main distribution method for RedLine, with cybercriminals typically exploiting global events such as the COVID-19 pandemic to entice victims into clicking a malicious link and unknowingly downloading the malware.
Since 2021, YouTube has been a go-to location for disseminating the malware, with malicious links embedded in the descriptions of videos that often promote gaming cheats and cracks.
The Vidar malware is an evolution of the infamous Arkei Stealer, which employs sophisticated tactics to target specific regions based on language preferences, whitelisting certain countries for further infection.
Distribution expanded through the pay-per-install (PPI) malware service PrivateLoader, the Fallout Exploit Kit, and the Colibri loader.
By late 2023, Vidar was also being propagated through the GHOSTPULSE malware loader.
First seen on the Russian-language forum Exploit in 2019, the Raccoon Stealer malware operates under a "malware-as-a-service" model, enabling clients to rent it monthly.
Password reuse presents a major vulnerability, as even strong passwords can be compromised if they are reused on insecure platforms.
The effectiveness of password-stealing malware such as RedLine cannot be overstated, yet many organizations do not have protections in place to defend against these threats.
Continuous scanning of Active Directory for compromised passwords known to be circulating on the dark web is essential to mitigate such risks, because human behavior, including password reuse, proves to be the most pervasive challenge.
Threat intelligence and password protection are essential to stay ahead of the latest threats stemming from known breached passwords.
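The two checks recommended above, scanning a directory's password hashes against a breached-password corpus and flagging password reuse, can be illustrated with a small script. This is an added example written for this page, not code from the article or from any product it mentions; it assumes a breached-hash feed laid out in the k-anonymity "range" format (5-hex-character SHA-1 prefix, then the remaining 35 characters), a format used by public breached-password feeds, so that a lookup reveals only a hash prefix rather than the whole hash. The breach corpus and the account list are constructed sample data. Active Directory itself stores NT hashes rather than SHA-1, so a production scanner would either use a feed in NT-hash form or hook password changes; SHA-1 is used here purely to match the common feed layout.

```python
import hashlib
from typing import Dict, Iterable, List, Set


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of a password, the form breached-password range feeds use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached_passwords: Iterable[str]) -> Dict[str, Set[str]]:
    """Index breached hashes by 5-hex-char prefix (k-anonymity 'range' layout)."""
    index: Dict[str, Set[str]] = {}
    for pw in breached_passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


# Constructed sample corpus standing in for a dark-web breach compilation (assumption:
# a real feed would be loaded from disk and is orders of magnitude larger).
CONSTRUCTED_BREACH_CORPUS = ["password", "123456", "Winter2024!", "letmein"]
RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH_CORPUS)


def query_range(prefix: str, index: Dict[str, Set[str]] = RANGE_INDEX) -> Set[str]:
    """Feed side of a k-anonymity lookup: the caller only reveals a 5-char prefix."""
    return set(index.get(prefix.upper(), ()))


def hash_is_compromised(digest: str, index: Dict[str, Set[str]] = RANGE_INDEX) -> bool:
    """Scanner side: fetch the range for the prefix, compare the suffix locally."""
    digest = digest.upper()
    return digest[5:] in query_range(digest[:5], index)


def scan_directory(accounts: Dict[str, str],
                   index: Dict[str, Set[str]] = RANGE_INDEX) -> Dict[str, list]:
    """
    accounts maps username -> SHA-1 hex of that account's password; the scanner never
    handles plaintext. Returns two findings: accounts whose hash appears in the breach
    corpus, and groups of accounts sharing one hash (password reuse inside the directory).
    """
    compromised = sorted(u for u, h in accounts.items() if hash_is_compromised(h, index))
    by_hash: Dict[str, List[str]] = {}
    for user, digest in accounts.items():
        by_hash.setdefault(digest.upper(), []).append(user)
    reused = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return {"compromised": compromised, "reused": reused}


if __name__ == "__main__":
    # Constructed directory export: username -> password hash (hypothetical accounts).
    constructed_accounts = {
        "alice": sha1_hex("Winter2024!"),
        "bob": sha1_hex("correct horse battery staple"),
        "carol": sha1_hex("correct horse battery staple"),
        "dave": sha1_hex("123456"),
    }
    findings = scan_directory(constructed_accounts)
    print("Accounts with breached passwords:", findings["compromised"])
    print("Accounts sharing a password:", findings["reused"])
```

Run periodically against a fresh hash export and a freshly updated feed, the scan turns the article's recommendation into two actionable lists: accounts that need a forced reset because their password is already circulating, and accounts whose shared password means one stealer infection exposes several logins. Keeping the feed lookup prefix-based means the scanner can be pointed at an external feed without transmitting full hashes.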
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Sun, 12 May 2024 15:43:07 +0000