Browsers (Chrome, Firefox, Internet Explorer, Edge, etc.) almost always offer to store your data to pre-fill registration fields: logins and passwords, name, passport number, bank details. Many take advantage of this feature without hesitation. After all, remembering passwords and other information can be difficult, while autocomplete is extremely convenient. With two clicks of your mouse, your information is saved, and you never need to remember again. However, with another two clicks, your bank details can be stolen. With another two clicks, your bank account is drained. After another two, you can’t get back into any of your accounts…
Why did this happen? And how can you avoid being in this situation yourself?
The fact is that personal data is a product in high demand on the black market. Cybercriminals want to have a database of personal information so that they can:
- Send out spam
- Infect your devices with viruses
- Scam your friends and family out of money using your name
- Carry out phishing (getting passwords and other personal data)
- Even launder money
In 2019, nearly two million users fell victim to password theft programs. This malware has been most commonly found in Russia, India, Brazil, Germany and the United States.
Malicious software is most often distributed through email attachments. In addition, stealers (password theft programs) can be distributed through botnets, where bots receive commands to download and execute a Trojan-stealer.
How do attackers steal personal data?
Since data storage between different browsers is set up almost identically, all the programs to steal data operate in similar ways. Let’s look at Google Chrome and Chromium based browsers as an example.
In open-source Chromium-based browsers, stored passwords are encrypted and kept in the browser's own database. Passwords can only be obtained from the database by the operating system user who created them, and only on the computer on which they were encrypted, but this does not stop a cybercriminal who has already hacked the computer.
The encryption depends on the rights of just this user, which means obtaining all the data stored in the browser takes just a few simple steps:
- Retrieve the database file, which lies in a standard, default path. To avoid problems accessing the file (if the browser is currently using the file, for example), the hacker can copy the file to another location or close all the browser processes entirely.
- Read the encrypted data. This can be done with standard encryption tools.
- Decrypt the data. This is carried out directly on the victim’s computer, using specific functions. No additional data is needed to accomplish this – the hacker has the user’s permissions.
That’s all it takes! Passwords, bank details, browsing history – all obtained in a decrypted, readable form and ready to be sent to the attacker. In Firefox-based browsers, password encryption is a little more complicated, but, for a hacker, the process is just as simple.
In summary, browser developers try to protect the data entrusted to them. Saved user data is encrypted and can only be decrypted on the device on which it was stored.
However, a stealer virus, once on a computer or smartphone, acts as if it were the user himself. The computer, thinking that it is you requesting data, provides the scammers with all the information they want and need. Along the way, the virus program could also steal files from your desktop (so it’s better not to store anything important or secret on your desktop!).
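Because the stealer runs with the user's own rights, the practical place to catch it is the file access itself. The following is an added example, not code from this article: it flags any non-browser process that reads the browser's credential database, and raises the severity when the same process closed the browser shortly before. The event fields, process names and sample paths are constructed assumptions.

```python
import ntpath

# Assumptions (not from the article): event fields, process names and paths are
# constructed; "Login Data" and "Web Data" are Chromium's saved-login and
# autofill stores inside the profile's "User Data" directory.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
STORE_FILES = {"login data", "web data"}
KILL_WINDOW = 30  # seconds between a browser kill and the read that follows it

PROFILE = r"C:\Users\al\AppData\Local\Google\Chrome\User Data\Default"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPED = r"C:\Users\al\AppData\Local\Temp\invoice_viewer.exe"
BACKUP = r"C:\Tools\backup.exe"

# Constructed sample telemetry, oldest first.
EVENTS = [
    {"ts": 100, "proc": CHROME, "action": "file_read", "target": PROFILE + r"\Login Data"},
    {"ts": 205, "proc": DROPPED, "action": "proc_kill", "target": CHROME},
    {"ts": 210, "proc": DROPPED, "action": "file_read", "target": PROFILE + r"\Login Data"},
    {"ts": 300, "proc": BACKUP, "action": "file_read", "target": PROFILE + r"\Web Data"},
    {"ts": 400, "proc": DROPPED, "action": "file_read", "target": r"C:\Users\al\Documents\notes.txt"},
]

def is_browser(path):
    return ntpath.basename(path).lower() in BROWSERS

def is_credential_store(path):
    p = path.lower()
    return "\\user data\\" in p and ntpath.basename(p) in STORE_FILES

def detect(events):
    """Return alerts for credential-store reads made by non-browser processes."""
    alerts, last_kill = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        proc = ev["proc"].lower()
        if ev["action"] == "proc_kill" and is_browser(ev["target"]):
            last_kill[proc] = ev["ts"]  # remember who closed the browser, and when
        elif ev["action"] == "file_read" and is_credential_store(ev["target"]):
            if is_browser(ev["proc"]):
                continue  # the browser reading its own database is expected
            killed = ev["ts"] - last_kill.get(proc, float("-inf")) <= KILL_WINDOW
            alerts.append({"ts": ev["ts"], "proc": ev["proc"],
                           "file": ntpath.basename(ev["target"]),
                           "severity": "high" if killed else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Matching on the executable name alone is easy to spoof, so a production rule would also check the image path or code signature. Legitimate backup tools will show up at medium severity and need an allowlist.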
How can you protect your personal data?
- Never save passwords for bank accounts, social media, or other valuable sites in your browser. You should manually re-enter your passwords every time. While this is slower, it is also safer and more reliable.
- If you really want to keep passwords saved to your computer, it is better to use a specialized application like KeePass.
- Make a new password for every website – don’t make the job too easy for hackers!
- Protect your device from malware – install a reliable antivirus on your computer or phone
Google recently launched a new Password Checking service. Now, you have the ability to check whether your password appears in databases of hacked passwords.
To start checking your passwords, press the “check passwords” button in your Chrome settings. Once launched, the service will collect your credentials and check them against an internal database that contains compromised data from more than four billion users. All of them were involved in leaks from the systems of other companies. If the service detects a compromised password, the user is notified of the security issue and advised to change their password.
A similar feature is also included in iOS 14. Open “Settings” then “Passwords” and click “Security Recommendations”.
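The same two checks (one password per site, and no password that already appears in a leak) can be run locally over an exported credential list. The following is an added example, not Google's or Apple's implementation: the CSV column names, the sample rows and the breach list are constructed, and the breach list is assumed to be a set of SHA-256 digests.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed export; the column names are an assumption, not a real tool's format.
SAMPLE_EXPORT = """site,username,password
bank.example,al,Tr0ub4dor&3
mail.example,al@mail.example,Tr0ub4dor&3
forum.example,al,password123
shop.example,al,q7#Lz!9vWm2p
"""

def digest(password):
    # Used only as a lookup key, so plaintext never has to sit next to the breach list.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Constructed stand-in for a leaked-password corpus (digests only).
BREACHED = {digest("password123"), digest("123456")}

def audit(export_text, breached):
    """Map each site to its list of problems; sites with no problems are omitted."""
    sites_by_digest = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        sites_by_digest[digest(row["password"])].append(row["site"])

    findings = {}
    for key, sites in sites_by_digest.items():
        for site in sites:
            issues = []
            others = [s for s in sites if s != site]
            if others:
                issues.append("reused on " + ", ".join(others))
            if key in breached:
                issues.append("found in breach list")
            if issues:
                findings[site] = issues
    return findings

if __name__ == "__main__":
    # The report names sites and problems only; it never prints a password.
    for site, issues in audit(SAMPLE_EXPORT, BREACHED).items():
        print(site, "->", "; ".join(issues))
```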
Users often trust browsers with important information because it is convenient to have input fields filled automatically. This should be avoided because browsers do not have strong enough security to protect from malware.
Programs that hunt for user data through browsers are very popular, and becoming even more popular. Existing programs continue to be actively supported, updated, and upgraded with new features (now even including features that can bypass two-factor authentication).
The safest method is to keep all your passwords in your head, or on a piece of paper, or to think of your own tricks to remember the passwords. If you categorically do not want to remember, make sure you use specialized software to store sensitive data, and be responsible: do not download or open suspicious files, do not click on suspicious links, and, in general, be cautious.