There's a new type of malware on the internet: “Stealers.” They're aimed at swiping the autofill information stashed in your browser window — you know, the passwords and usernames that some browsers requests you let them remember the next time you want to log in.
Granted, stealers aren't brand new. They're a type of Trojan malware, which has been around since the 90s, when they were aimed at grabbing your AOL password.
Still, Stealers are on the rise. Cybersecurity firm Kaspersky found over 940,000 stealer attacks during the first half of 2019, representing a year-over-year increase of one-third since 2018. Here's what to know about the malware, and how you can protect your autofill data.
How Stealer Malware Can Take Autofill Data
First, the good news – browser developers don't make it easy to steal autofill data. They encrypt it so that it's only accessible from the specific device and account that first entered the data. So how does a stealer get away with it? It needs to be a program running from your device, as this lets it trick the browser into decrypting your autofill data.
The exact details of the process differ depending on which browser we're talking about.
Google's Chromium engine, which powers the Google Chrome and Opera browsers among others, stores all the autofill data in a central location, letting a stealer running on a user's device decrypt it with a simple request aimed at the browser’s data encryption tool.
Firefox creates a randomized profile to hide the data within, forcing a stealer to sort through all the profiles before it can request a data decryption, while Internet Explorer and Edge use a “speci ..
Support the originator by clicking the read the rest link below.
