Researchers have discovered that a well-known type of malware has been used to target password management tools.
Password management tools are an inevitable target for criminals because they hold a list of all your usernames and passwords, and many can also store credit card information and other personal details used for online shopping.
With information all stored in one place, it makes password management tools a potential single point of weakness. If it is compromised, so are all the accounts you have stored in it.
According to the researchers, the malware is a new version of Citadel malware. Citadel has previously been shown to have compromised millions of computers worldwide. It is effective at avoiding detection by security software, and has been used to steal banking passwords with great effect.
Because Citadel is already widespread, it is possible that the criminals could remotely reconfigure the malware that is already on people’s systems to target master passwords.
The new version of Citadel has been adapted to target the master password of your password manager. Under certain conditions it seeks to log the keys you type (record the keys when you press them) as you enter your master password.
To stay safe you should ensure your password manager is as secure as possible, and minimise the chances of encountering malware in your online activities.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.