What Is Password Stealer And How Dangerous Is It?

Password stealers, or PWS, are a specific malware type that attempts to get your passwords and other credentials. These viruses have been pretty widespread over the last seven years, giving cybercriminals access to the accounts of various individuals and companies. But many users don’t know how they work or how to avoid a PWS injection. Well, let me explain it to you.

Are password stealers worth being afraid of?

Imagine that one day all the passwords you typed to log into your accounts became compromised. It is an unwelcome event for an ordinary user and complete doom for large corporations, top management, and celebrities who keep many important details in their accounts. Even if cybercriminals only use these credentials to log in, the fact that they can do it is a reason to worry.

People often underestimate the danger of such situations. Some password stealer attacks are targeted at a specific person, with the intent of getting that person's sensitive credentials. Alternatively, once this virus has stolen your login and password, your account may be used in a spamming campaign.

Besides identity loss and the possible leakage of essential data, you may also suffer reputation problems. Nothing stops cyber burglars from posting fake information or fake claims that will surely tarnish your reputation. You could have watched such a situation unfold a year ago. A group of cybercriminals accessed a Twitter employee account with a password stealer. Then the crooks posted messages from a series of celebrities’ accounts. In those messages, the fraudsters offered to take part in cryptocurrency giveaways, hiding under the names of Bill Gates, Elon Musk, Jeff Bezos, and other well-known personalities. The employee whose account was used to commit a 100k+ fraud was fired less than a week later. Still think it is not dangerous?

How does it work?

The general workings of a stealer virus are quite easy to explain even to a non-technical person. After being delivered to your PC, this malware first changes the security settings and networking configuration. Microsoft Defender is the first item under attack, since any malware can easily disable it through Group Policies. Then the virus may turn off UAC notifications so that operations are allowed without your additional approval. People often disable that function themselves, since it tends to annoy more than it protects.
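A defender can watch for exactly these two changes in registry telemetry. The sketch below is an added example, not code from the original article: it scans Sysmon-style "registry value set" events (Event ID 13) for the Defender policy and UAC values being weakened. The event dictionaries, the `detect` function and the sample paths are constructed for illustration.

```python
import re

SYSTEM = r"\software\microsoft\windows\currentversion\policies\system"
DEFENDER = r"\software\policies\microsoft\windows defender"

# (registry key under HKLM, value name) -> (meaning, DWORD that weakens the host)
WATCHED = {
    (DEFENDER, "disableantispyware"): ("Defender disabled by policy", 1),
    (DEFENDER + r"\real-time protection", "disablerealtimemonitoring"):
        ("Defender real-time monitoring disabled by policy", 1),
    (SYSTEM, "enablelua"): ("UAC turned off", 0),
    (SYSTEM, "consentpromptbehavioradmin"): ("UAC elevates without prompting", 0),
}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

def detect(events):
    """Return (image, meaning) for each value-set event that weakens a watched setting."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:  # Sysmon RegistryEvent (Value Set)
            continue
        key, _, name = ev.get("TargetObject", "").lower().rpartition("\\")
        if key.startswith("hklm"):
            key = key[len("hklm"):]
        rule = WATCHED.get((key, name))
        value = DWORD.fullmatch(ev.get("Details", ""))
        if rule and value and int(value.group(1), 16) == rule[1]:
            findings.append((ev["Image"], rule[0]))
    return findings

# Constructed sample events (not taken from a real incident).
TOOL = r"C:\Users\alice\AppData\Local\Temp\tool.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": TOOL, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"EventID": 13, "Image": TOOL, "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    # Default prompt behaviour (5) being written is not a weakening.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000005)",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin"},
    # Process-creation event: ignored by this rule.
    {"EventID": 1, "Image": TOOL},
]

if __name__ == "__main__":
    for image, meaning in detect(SAMPLE_EVENTS):
        print(f"ALERT: {meaning} (written by {image})")
```
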

In the networking settings, the virus makes the changes it needs to establish a connection with the command server. The efficiency of a PWS virus depends on the number of credentials it uploads to that server, so there is no reason to inject it without ensuring that the server is available to connect to. Primarily, the malware uses console commands to establish these connections.

The action starts

After the system changes, the password stealer virus is ready to do its job. It logs all the keystrokes you make in specific fields on websites. Hence, all passwords you type after the virus injection will be compromised. It is quite hard to prevent, since the virus can log your keystrokes at the hardware level. Any kind of password security on the web page is useless.

Some password stealers can break into the so-called “keychains” and steal the passwords from there. Those “keychains” usually use encryption mechanisms, but some of them, especially in amateur browsers built on Chromium or similar, may have weak or no encryption. A virus can easily brute force those password-keeping mechanisms and get your credentials even if you did not type them.

In contrast to their “brother”, spyware, password stealers are usually used for targeted attacks. As I have mentioned before, there are a lot of examples of successful PWS virus attacks on the accounts of various celebrities and media persons. Targeted attacks always carry more danger than mass ones, even if it looks like the opposite. Of course, there is no problem committing a mass attack, but the questionable efficiency usually stops the crooks. If not targeted, PWS malware is spread to small groups of people, like Discord servers or subreddit threads.

How can this virus get on my PC?

Cybercriminals are very inventive when it comes to malware distribution. The majority of password stealer injections are done through email spamming. A rarer case is when you get this virus inside an app of some sort. In such a case, the virus is called a trojan-stealer, since it is disguised as a legitimate program.

Email spamming has been a real scourge of the last two years. Cyber burglars attach infected files to a legitimate-looking email and bait the victim into opening the file. Usually, a password stealer hides inside a macro, a specific add-on for a Microsoft Office document. That add-on is based on Visual Basic and passes all possible security layers because it runs under MS Office. By default, macros are disabled for any document, but when Office detects one in the opened file, it offers the user the option to enable macros. Inattentive or naive people may click “Allow” and only afterwards think about what they did. However, it is already too late to change anything.
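Macro-carrying attachments can be sorted out before anyone is offered that “Allow” button. The following is an added example, not part of the original article: it classifies an attachment by looking for a VBA project (`vbaProject.bin`) inside the Office container. The function name, the verdict strings and the sample files are assumptions constructed for illustration.

```python
import io
import os
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".xlsb",
              ".pptm", ".potm", ".ppsm"}

def triage_attachment(filename, data):
    """Return (verdict, reason); verdicts are an assumed gateway policy."""
    ext = os.path.splitext(filename)[1].lower()
    if data.startswith(OLE_MAGIC):
        # The legacy format cannot be judged from the header alone.
        return "review", "legacy OLE file; may carry macros, needs an OLE parser"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "skip", "not an Office container"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "skip", "zip archive, not an Office document"
    has_vba = any(n.endswith("vbaproject.bin") for n in names)
    if has_vba and ext not in MACRO_EXTS:
        return "block", "VBA project inside a file named as macro-free"
    if has_vba:
        return "block", "macro-enabled document"
    return "allow", "no VBA project present"

def build_sample(members):
    """Build a constructed in-memory Office-like zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"constructed")
    return buf.getvalue()

BASE = ["[Content_Types].xml", "word/document.xml"]

if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample(BASE + ["word/vbaProject.bin"]),
        "report.docx": build_sample(BASE + ["word/vbaProject.bin"]),
        "notes.docx": build_sample(BASE),
        "old.doc": OLE_MAGIC + b"\x00" * 16,
    }
    for name, blob in samples.items():
        print(name, triage_attachment(name, blob))
```
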

Distribution as a trojan virus also requires coming up with new ideas. You may be scrolling through a discussion in Discord, for example, and see someone asking people to test a new utility they programmed. A virus will be waiting for you right inside this “program”. In some cases, you can see a download link (or the same file) promoted as a special tool for system optimization or bug fixing. As you read earlier, all such offers are usually made in a closed community interested in such tools. The attack efficiency is extremely high.

Is it possible to protect my computer from the password stealer virus?

Of course. It is much harder to conceal than adware or browser hijackers. The problem is that antivirus programs without proactive protection cannot spot the threat if it does not match a signature in the antivirus database. Proactive protection, driven by a heuristic engine, can detect malware even if nothing similar is in the detection databases. This system monitors the activity of each app and will surely notify you if it sees something suspicious. GridinSoft Anti-Malware can offer you On-Run protection, a mechanism based on the heuristic engine, developed and set up by a team of professionals. Choose your security tool wisely!

By Polina Lisovskaya

I have been working as a marketing manager for many years and I like to look for interesting topics for you
