RedLine, an information-stealing malware, has been targeting popular web browsers such as Microsoft Edge, Opera, Naver Whale, and Google Chrome. The commodity stealer targets passwords saved in these web browsers.
What was found?
A report from AhnLab ASEC warns against the auto-login feature offered by the popular web browsers on the market.
The RedLine stealer is a commodity malware that can be purchased at an affordable price of just $200 on cybercrime forums.
Attackers use the malware to target the login data files saved by Chromium-based web browsers and the SQLite databases that store usernames and passwords.
Experts warn that it is a serious security threat to organizations and individual users alike.
Even if a user declines to store credentials for a site in the browser, the password management system on the infected machine still records an entry marking that site as blacklisted ("never save").
Even when the attacker cannot obtain a password for such a blacklisted site, they learn that the account exists, which lets them carry out follow-on attacks such as credential stuffing, social engineering, or phishing.
After stealing the credentials, the attackers either use them for future attacks or sell them on dark web marketplaces.
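As an added example, not part of the AhnLab report or of any RedLine analysis, the following Python script builds a constructed SQLite file holding a minimal subset of the Chromium `logins` table and audits it the way a defender reviewing their own exposure would: it lists which sites have a saved credential and which exist only as a "never save" (blacklisted) entry, without touching the encrypted password blobs. The column names follow the real Login Data schema; the rows, placeholder blob and file name are constructed.

```python
import sqlite3

# Minimal subset of the 'logins' table found in a Chromium "Login Data"
# SQLite file. Real files carry many more columns; these four are enough
# to show what a copy of the file discloses on its own.
SCHEMA = """
CREATE TABLE logins (
    origin_url          VARCHAR NOT NULL,
    username_value      VARCHAR,
    password_value      BLOB,
    blacklisted_by_user INTEGER NOT NULL DEFAULT 0
);
"""

# Constructed sample rows: one saved credential (the password bytes are an
# opaque placeholder standing in for the OS-encrypted blob) and one site
# where the user chose "Never save" - no password, but the site is recorded.
SAMPLE_ROWS = [
    ("https://mail.example.com/login", "alice", b"<encrypted-placeholder>", 0),
    ("https://bank.example.net/", "", b"", 1),
]


def build_sample_db(path):
    """Create a constructed Login Data lookalike at 'path' and return the path."""
    con = sqlite3.connect(path)
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO logins VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    con.commit()
    con.close()
    return path


def audit_login_data(path):
    """Summarise what a (copied) Login Data file reveals without decrypting anything.

    The live file is locked while the browser runs; audit a copy, read-only.
    """
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    rows = con.execute(
        "SELECT origin_url, blacklisted_by_user FROM logins"
    ).fetchall()
    con.close()
    saved = sorted(url for url, blacklisted in rows if not blacklisted)
    never_save = sorted(url for url, blacklisted in rows if blacklisted)
    # Sites in 'account_existence_only' leak that an account exists even
    # though no credential was ever stored for them.
    return {"saved_credential_sites": saved, "account_existence_only": never_save}


if __name__ == "__main__":
    for key, urls in audit_login_data(build_sample_db("login_data_copy.db")).items():
        print(key, urls)
```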
Recent uses of the stealer
Recently, a contact form spamming campaign used Excel XLL files to download and install the RedLine malware.
Further, researchers observed that the 2easy dark web marketplace is emerging as a prominent market, with half of the data sold there having been stolen by the RedLine stealer.
The recent report on RedLine highlights the danger of using the auto-login feature to store login information in web browsers. Users are therefore advised to use a third-party or dedicated password manager that keeps login information in an encrypted vault and requires a master password to unlock it.