Malware’s new target: your password manager’s password

[securitybreach]

Big surprise......

 

 

Aurich Lawson / Thinkstock

 

Cyber criminals have started targeting the password managers that protect an individual's most sensitive credentials by using a keylogger to steal the master password in certain cases, according to research from data-protection company IBM Trusteer.

 

The research found that a configuration file, which attackers use to tailor the Citadel trojan for specific campaigns, had been modified to start up a keylogger when the user opened either Password Safe or KeePass, two open-source password managers. While malware has previously targeted the credentials stored in the password managers included in popular Web browsers, third-party password managers have typically not been targeted.

 

While the current impact of the attack is low, the implications of the attacker’s focus is that password managers will soon come under more widespread assault, Dana Tamir, director of enterprise security for IBM Trusteer, told Ars Technica.

 

“Once the malware captures this master key, then they can use that master key to exercise complete control over the machine and any of the user’s online accounts,” she said......

 

 

http://arstechnica.c...ster-passwords/

[V.T. Eric Layton]

My MASTER Password Manager is dead tree/ink format. So, even if they do manage to trash my LastPass account, I won't lose anything. Besides, I only use LastPass for non-critical passwords like logins to forums and silly Internet carp like that; no banking, credit card, passwords stored with LastPass. I don't even keep passwords on my computers.... anywhere. You want my passwords, you have to break into my house, face my fearsome kitties, and find the password hardcopy (it's hiding). Good luck with that, especially since I don't leave my house much these days and I have one of these near-to-hand always...