advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
Facebook
X
LinkedIn
WhatsApp
Reddit

Hacker trojan is now after your password manager’s password

Just when you thought that you had made it safely away from Wirelurker and successfully sidestepped Masque Attack, there is another piece of malware that wants to part you from your carefully stored personal data.

But this time the sneaky bugger isn’t after just any password, it’s after the mother of all passwords: the secret phrase that you use to access your password vault (if you use one). For though slightly confused, a password vault programme is an application that stores all your passwords to a variety of websites and login service. The principle is that you can use super-obscure, completely random passwords for websites without worrying about having to remember them. All you need is one memorable but secure password for your vault.

The danger is that if hackers were to gain access to that, they will virtually own your life.

According to research from data-protection company IBM Trusteer, there is a configuration file in the Citadel trojan that hackers altered so that it starts up a keylogger when open source password managers Password Safe or KeePass is executed.

Dana Tamir, director of enterprise security for IBM Trusteer, explained that while there is a relatively low risk of attack now, the better the hackers get at refining the intrusive piece of technology, the more prevalent attacks can be in the future.

“Once the malware captures this master key, then they can use that master key to exercise complete control over the machine and any of the user’s online accounts,” she told Ars Technica.

Tamir also warned that the Citadel Trojan is very dangerous and can make its way past most malware or antivirus detection applications.

“It is important to note that Citadel is highly evasive and can bypass most threat detection security systems. It can stay idle on a user’s machine for weeks, months and even years until it is triggered by a user action. This means that many users and organizations do not know that their machines are already infected, and the existing infection can be quickly turned against them,” she explained in a blog post.

She added that even though the two open source password managers have come under attack, password managers in general are still better than just having a few passwords that gets rotated by users to access different sites.

If you do use a password vault (and we highly recommend you do) there is a way to combat keyloggers: turn on two factor authentication if possible. Both of the open source managers listed above have two-factor plugins, and most of the commercial alternatives (like LastPass) also support it.

[Source – Ars Technica, image – Shutterstock]

advertisement

About Author

More
Hypertext

Hypertext

Hypertext is one of South Africa’s leading technology news and reviews sites, catering for consumers, small and medium businesses and the technology channel.
advertisement

Related News

X fights Australia to keep violent video on its platform globally

Meta starts licensing headset OS to Lenovo, ASUS, and more

SPEEDRUN – FlySafair weirdly quiet about accident during takeoff

Passengers stuck for hours as Gautrain loses power

FlySafair puts statement about aircraft incident behind pay-wall

US TikTok ban moves one step closer

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.