If you use a password manager to store all your online logins, you probably feel pretty secure right now. While there are several different kinds, password managers are generally considered to be a smart decision when it comes to protecting your personal information.
Unfortunately, cyber criminals are desperate to tap into the wealth of private data contained in password managers — and they’re working day and night to make it happen. IBM’s Security Intelligence reports that hackers are using the Citadel Trojan — a type of malware that has already been distributed to millions of computers — to break into our trusted password managers.
How Cyber Criminals Are Hijacking Password Managers
When a computer is infected with malware, hackers can try to steal your information a few different ways; it appears that Citadel is using keystroke logging to obtain passwords. Keystroke logging is a method by which information about every key you press on your computer’s keyboard is captured and collected for cyber criminals.
The newest iteration of Citadel goes beyond just general keystroke logging — it tells the malware to engage in keystroke logging only when certain processes (like when you access your password manager) are initiated. IBM says it discovered 3 different password managers that were directly targeted by the Citadel Trojan. The makers of these products have been notified about the breach by IBM and include:
- neXus Personal Security Client
- Password Safe
The malware uses keystroke logging to find out what your master password for the password manager account is. Once they have that, they’re able to get inside and access the rest of your passwords.
This most recent breach shows that identity theft can happen even to conscientious people who try hard to keep their personal data safe by using password managers. At IdentityForce, we take protecting your information, both offline and online, very seriously and we strive to stay ahead of the bad guys. In fact, our Online Privacy Tools include anti-keylogging software to protect you while you’re online, shopping, banking — or using your password manager. IdentityForce proactively prevents malware from stealing your data and protects every keystroke as you enter it.
Stay tuned for updates on the Citadel Trojan and how it’s affecting password managers. We will be sure to let you know about any new developments.
Image courtesy of Flickr user Nick Carter.