Stealing credentials stored in a Chome browser
Vložit
- čas přidán 31. 08. 2023
- Stealers don't get the headlines that ransomware and BEC attacks do, but can be equally as destructive if deployed on the right users machines. If a user stores credentials to critical applications in their browser, and the application isn't using hardened MFA technology and FIDO authentication, then the data within that application may be at risk.
Stealers are simply deployed tools with minimal footprint and singular focus to access local files and extract cached passwords, and are typically available to anyone with Bitcoin or a stolen credit card.
The video below shows how easy it is for an attacker to crack popular browser stores such as Google Chrome, and access passwords a user probably believes to be safely locked away. By their own admission Google don't have a good solution to this problem, and even enabling Google's on device password encryption does not protect you from this attack today.
