An increasingly popular hacking tool, available for sale on the dark web, poses an elevated threat to users who store passwords in their browsers. RedLine, a malware designed to steal encrypted password catalogues from some of the most popular web browsers has been circulating widely and is being used as a tool for wider targeted attacks.



Where Does It Come From?


RedLine was first observed in March of 2020 but grew steadily in popularity through 2021. The malware itself is part of a bustling economy of hack-for-hire tools which are for sale in the dark corners of the deep web. Would-be cyber criminals can purchase the tool for around $200 or use it on a subscription basis. Hackers then attempt to get the malicious code onto a target’s computer and use the revealed passwords, autofill information and credit card details to launch further attacks or scrape user data and resell it as a bundle on illicit forums.


How Does It Work?


The tool is designed to penetrate the autofill and password storage systems for the Opera, Google Chrome and Microsoft Edge browsers. These browsers use encryption to keep stored passwords scrambled but have mechanisms to decrypt the information for use when the primary user is accessing the programs. RedLine runs surreptitiously as that primary user to trick the system into decrypting the information, then scrapes all available data and sends it back to the waiting attacker. The payload itself can be disguised in an email attachment, or other file. One popular method of wide-net deployment is to post files purporting to be a piece of cracked (illegally pirated) software, but actually containing the malware.



What Should You Do?


Browser credential storage is extremely convenient, especially at a time when a user might have dozens of separate accounts (hopefully with unique passwords). However, these stored passwords will continue to be a tempting target for cyber criminals, as RedLine aptly illustrates. Using a dedicated password manager (Such as LastPass or 1Password) which stores all your credentials in a separate encrypted vault requiring a master password to access is likely a safer alternative. In either case, it is more crucial than ever that users enable two factor authentication for any account which offers the option. This will ensure that even if someone obtains your credentials, they won’t be able to access your account without control of your mobile device or security key.



Browser developers will continue their efforts to close loopholes in their platforms, but they will always be playing a game of catchup against well-resourced and tenacious cyber criminals. There can be no substitute for caution and good information hygiene on the end-user side. If you have questions about how best to keep your information safe online, give us a call at Mankato Computer Technology.