New Trojan Targets Chrome Password Manager

Sometimes what makes something popular can also make it problematic. Google Chrome, by far the most commonly used web browser in the world, has been targeted by a new trojan that steals passwords and stores them to a remote database.

Immediately after accessing the passwords stored in Chrome’s Password Manager, the password-collecting trojan, called CStealer, connects to the database to share the information.

As Latest Hacking News points out, “Anyone analyzing this malware, whether it be law enforcement, researchers, or other threat actors, can retrieve the hard coded credentials and use them to gain access to the stolen credentials.”

Chrome’s extremely high usage share—by some stat counters, as high as 65% of web users—illustrates its popularity. But perhaps because it is so popular, it is a favored target of password stealers. Storing your passwords, then, is one Chrome feature you’ll want to outsource to a separate, secure password manager.

In May, iolo reported that a new generation of credential-stuffing programs is helping even unskilled malevolent online actors check the login credentials of millions of users against hundreds of websites and online services. The latest trojan further underscores the fact that new password-breaching malware and tools emerge with alarming frequency, making it even more critical than ever to avoid password reuse and web browser storage of passwords.

A good password manager should locally encrypt your passwords in one stored place, calling them up to autofill login info only when you need them. It also ought to be able to generate complex, random alphanumeric combinations for you. The best password managers will even scan the internet to see if any of your old passwords have been leaked onto hackers’ lists. ByePass from iolo technologies can perform all of these functions; it also securely stores your credit card information and any private notes you wish to secure from spying eyes.

ByePass is available as a standalone browser extension and Android/iOS mobile app, as well as one of the features within System Mechanic Ultimate Defense, iolo’s comprehensive software suite designed to speed up, secure and simplify your digital life.