Password Stealing Malware
I got a call saying we have malware that stole some login credentials. What's this about?
User names and passwords (login credentials) are stolen every day by criminals who want to gain access to your company's email accounts, vendor accounts, and sensitive data. Once they have the login to your email account, they can find out every type of financial account you have and reset the password to one only they know. They can move money or get copies of contracts, proposals, customer lists, your plans, and your interactions with payroll companies, lawyers, and accountants.
If you've used the same password at more than one website, the criminals can get into every website where you used the password they managed to steal from you.
We are often asked, "How did you find out about this?" Lists of stolen credentials are very commonly circulated on the Internet. We monitor for these Indicators of Compromise (IOCs) and notify you when we see one for your company. Please note we are not selling anything.
The following websites provide some info about credential stealing malware:
- PC World article on malware stealing supply chain credentials
- Network World: Employees can be a weak link in cyber security
If you have been notified that a particular user at your company has an Indicator of Compromise for stolen login credentials, first have any computer, phone, or tablet they use cleaned of malware. After that, change their passwords, using a different password at each website. The order matters: a password changed on a device that is still infected can be stolen again. For our research, please let us know whether you found an issue or not, resolved it, or needed more help.