Password stealers, or PWS, is the specific malware type that attempts to get your passwords and other credentials. These viruses are pretty widespread over the last 7 years, giving the cybercriminals access to the accounts of various individuals and companies. But a lot of users don’t know how it works and how to avoid the PWS injection. Well, let me explain it to you.
Is password stealers worth being afraid of?
Just imagine that one day all passwords you typed to log into your account became compromised. It is likely an unwanted occasion for an ordinary user, and a complete doom for large corporations, their top-management and some celebrities who keep a lot of important details in their accounts. Regardless of the fact that cybercriminals used these credentials to log in, the fact that they can do it is a reason to worry about.
People often underestimate the danger of such situations. Some of the password stealer attacks are targeted on a specific person, intending to get his sensitive credentials. Meanwhile, your account may be involved in a spamming campaign, after the login and password stealing with the help of this virus.
Besides the identity loss and possible leakage of some important data, you may also suffer the reputation problems. No one can restrict the cyber burglars from posting some fake information, or fake claims that will surely tarnish your reputation. You could spectate such a situation a year ago. A group of cybercriminals accessed the Twitter employee account with the password stealer. Then, crooks managed to write a message from a chain of celebrities’ accounts. In those messages, fraudsters offered to take part in cryptocurrency giveaways, hiding under the names of Bill Gates, Elon Musk, Jeff Bezos and other well-known personalities. That employee whose account was used to commit a 100k+ fraud was fired less than a week later. Still thinking it is not dangerous?
How it works?
The common details of stealer virus is quite easy to explain even to a non-technical person. After being delivered to your PC, this malware first makes several changes in the security settings and networking configurations. Microsoft Defender is a first item under attack, since it can easily be disabled by any malware through the Group Policies. Then, viruses may stop the UAC notifications, in order to allow the operations without your additional approval. People often disable that function themselves, since it often annoys instead of securing.
In networking settings, this virus makes some changes in order to establish the connection with the command server. The efficiency of PWS virus depends on the amount of credentials it uploads on that server. So there is no reason to inject it without ensuring that server is available to connect. Primarily, malware uses the console commands to establish these connections.
The action starts
After the system changes, the password stealer virus is ready to do its job. It logs all your keystrokes done in the specific type of fields on the websites. Hence, all passwords you type after the virus injection will be compromised. It is quite hard to prevent it, since the virus is simply able to log your keystrokes on the hardware level. Any kind of password security on the web page is useless.
Some examples of password stealers are able to break into the so-called “keychains” and steal the passwords from there. Those “keychains” usually use the encryption mechanisms, but some of them, especially in amateur browsers on Chromium or so, may have weak or no encryption. Virus can easily brute force those password keeping mechanisms and get your credentials even if you did not type them.
In contrast to its “brother” – spyware – password stealers are usually used for targeted attacks. As I have mentioned before, there are a lot of examples of successful PWS virus attacks on the accounts of various celebrities and media persons. Targeted attacks always carry more danger than massive, even if it looks like vice versa. Of course, there is no problem to commit a massive attack, but the questionable efficiency usually stops the crooks. If not targetly, PWS malware is spread to small groups of people, like Discord server or subreddit thread.
How can this virus get on my PC?
Cybercriminals are very inventive when it comes to malware distribution. Usually, the majority of password stealer injections are done through email spamming. More rare case is when you get this virus inside of the app of some sort. In such a case, the virus is called trojan-stealer, since it is disguised as a legitimate program.
Email spamming has been a real scourge of the last two years. Cyber burglars attach the infected files to a legitimately-looking email, and bait the victim to open the file. Usually, password stealer hides inside of a macros – a specific add-on for a Microsoft Office document. That add-on is based on Visual Basic, and passes all possible security layers because of the MS Office above it. By default, macros is disabled for any document, but when Office detects one in the opened file, it offers the user to enable macroses. Inattentive or just naive people may click “Allow”, and only then think about what they did. However, it is already too late to change anything.
Distribution as a trojan virus also requires thinking on new ideas. You may scroll the discussion in Discord, for example, and see how someone asks to test a new utility he/she programmed. Virus will wait for you right inside of this “program”. In some cases, you can see a download link (or the exact file) promoted as a special tool for system optimization or bug fixing. As you can read earlier, all such offers are usually done in a closed community, who may really be interested in such tools. The attack efficiency is extremely high.
Is it real to protect my computer from the password stealer virus?
Of course. It is much harder to conceal than adware or browser hijackers. The problem is that antivirus programs without the proactive protection are not able to spot the threat if it does not match with the signature in AV-database. Proactive protection, driven by the heuristic engine, is able to detect malware even if there is nothing similar in the detection databases. This system monitors the activity of each app, and will surely notify you if it sees something suspicious. GridinSoft Anti-Malware can offer you the On-Run protection – the mechanism based on the heuristic engine, developed and set up by a team of professionals. Choose your security tool wisely!