Saving your passwords in your browser is a worse idea than you thought

3 min. read

Published onDecember 29, 2021

published onDecember 29, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Yes, we know what a nuisance constantly typing passwords can be for some of us, and modern-day browsers offer a way around having to always do that.

Sure, the fact that your browser saves your login information can be very helpful most of the time, but have you ever thought that your credentials could become exposed this way?

Well, you should know that the RedLine information-stealing malware targets some of the most popular browsers such as Chrome, Edge, and Opera.

A quick interaction with this virtual bad boy and you’ll soon find out why storing your passwords that way is actually a bad idea.

This malicious software is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.

A recent case of serious RedLine infection is a website contact form spamming campaign that uses Excel XLL files that download and install the password-stealing malware.

RedLine helps steal your browser-stored credentials

A new recent report from security experts atAhnLab ASECwarns us that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem.

Based on a demonstration shared by the analysts, a remote employee lost VPN account credentials to RedLine Stealer cybercriminals who used the information to hack the company’s network three months later.

Although the infected computer had an anti-malware solution installed, it failed to detect and remove RedLine Stealer, so make sure you keep this in mind next time you want to save your credentials on your browser.

RedLine will actually target theLogin Datafile found on all Chromium-based web browsers and is an SQLite database where usernames and passwords are saved.

The worst part is that, even when users refuse to store their credentials on the browser, the password management system will still add an entry to indicate that the particular website is blacklisted.

And while the hackers may not have the passwords for this blacklisted account, they can still find out that the account exists, actually allowing them to engage in credential stuffing or phishing attacks.

Again, we understand that using the web browser to store your login credentials is tempting and convenient, but it also exposes you to major malware infections that can lead to disaster.

Your best alternative, in this case, would be to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.

Activating multi-factor authentication, wherever this is available, is an additional step that we encourage you to take, in order to better secure your precious data.

Have you also grown accustomed to storing your login credentials in your browser? Share your experience with us in the comments section below.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Saving your passwords in your browser is a worse idea than you thought#

RedLine helps steal your browser-stored credentials#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Saving your passwords in your browser is a worse idea than you thought

RedLine helps steal your browser-stored credentials