HACKERS are preying on people working from home for passwords stored in web browsers, experts claim.
Keeping passwords saved in the likes of Chrome and Edge are pretty common practice and usually considered quite safe.
They are designed to take the hassle out of remembering login details for every site you use.
But now IT researchers are cautioning against using such features in any browser over a recent security breach that compromised a company.
Bad actors appear to be exploiting the fact office workers in the UK and US are being forced to work from home amid the ongoing coronavirus pandemic.
According to security experts AhnLab, an employee working remotely fell victim as they used a VPN to access their company’s network.
The person was innocently doing their job on a device shared with others they live with, unaware it was already infected with a nasty piece of infostealing malware called Redline Stealer.
This led to sensitive account details and passwords from various sites being stolen, including information to access the company’s VPN.
Most read in News Tech
Hackers then used it to login and pry on the private business data three months later.
And worse still, the computer had antivirus software installed but the malware was able to get around it.
“Although the account credentials storing feature of browsers is very convenient, as there is a risk of leakage of account credentials upon malware infection, users are recommended to refrain from using it and only use programs from clear sources,” AhnLab said.
Redline Stealer is pretty cheap and easy to get hold of on the dark web, which means it’s hard to trace the incident back to a specific group.
It costs as little as $150/£111 to get hold off.
The malicious tool first appeared in March 2020, right as the pandemic began to spread.
It comes amid a huge spike in scams over the course of COVID-19’s unwelcome arrival.
In other news, NASA has slammed Russia after a missile it fired into one of its own satellites forced the space station to perform an emergency swerve.
Scientists have figured out how fast a type of dinosaur could run – and it would have given Usain Bolt a run for his money.
And Google has confirmed that some of its smartphones are unable to call emergency services due to a software bug.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at firstname.lastname@example.org