Redline steals stored log-in info

Redline malware can capture log-in user names and password credentials stored by your browser, amongst all the other info it steals.

An unnamed company's systems were breached through this browser option, giving hackers access to the impacted company’s network and files. The hacked company provided remote workers with access to a virtual private network (VPN) and Redline accessed a username and password to the VPN which were stored in one employee’s browser.

Browsers can automatically store usernames and passwords in a "Login Data" file, but it's clearly a security risk. This  feature is enabled by default in Chromium-based browsers like Google Chrome and Microsoft Edge. You may want to turn that option off.

For better/worse, Redline hackers had an unsecured(!) online database with 6 Million records, which a security expert found. Read more...

On top of that, LastPass (password manager) says their master passwords appear to have been compromised. As far as is known, LastPass has been able to block attempts to use stolen master passwords coming from devices and/or locations not directly associated with a user's account. Read more...