Security Firm Warns Of RedLine Malware Plucking Passwords Saved In Your Browser
South Korean cyber-security firm AhnLab just put out a report warning of exactly such a piece of malware, known as "RedLine Stealer." It's exactly what it sounds like: you get infected by software that steals personal data, particularly targeting credentials and log-in data. The software was developed in Russia, and it's sold for $150-$200 on cyber-crime forums.
Interestingly, even if you decline to save your password data, Chromium-based browsers will record the site in the "Login Data" database. The purpose of this is apparently to blacklist the site from having its login data stored, but while that will prevent RedLine Stealer from getting your password, it still tells the malware operator that you have an account on that site. From there, they could use social engineering (like phishing) or credential stuffing to attack the user's account.
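To see how much a profile would disclose even without stored passwords, the following added example (not from AhnLab's report or the original article) audits a "Login Data"-style SQLite database and separates sites with saved credentials from sites that appear only as "never save" entries. The table and column names (`logins`, `signon_realm`, `blacklisted_by_user`) are an assumed subset of Chromium's schema, which can differ between browser versions, and the rows are constructed sample data.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed subset of the Chromium "logins" table; real profiles carry more columns.
SCHEMA = """CREATE TABLE logins (
    origin_url TEXT NOT NULL,
    signon_realm TEXT NOT NULL,
    username_value TEXT,
    password_value BLOB,
    blacklisted_by_user INTEGER NOT NULL
)"""

def build_sample_db():
    """Constructed in-memory database standing in for a copy of Login Data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = [
        # Saved login: the password blob is a placeholder, never decrypted here.
        ("https://mail.example.com/login", "https://mail.example.com/", "alice", b"<encrypted>", 0),
        # "Never save" entries: no credentials, but the site is still recorded.
        ("https://bank.example.net/signin", "https://bank.example.net/", "", b"", 1),
        ("https://vpn.corp.example.org/", "https://vpn.corp.example.org/", "", b"", 1),
    ]
    conn.executemany("INSERT INTO logins VALUES (?,?,?,?,?)", rows)
    return conn

def audit_login_data(conn):
    """Split the sites a stolen database would disclose into two sets."""
    report = {"saved_credentials": set(), "never_save_only": set()}
    query = "SELECT signon_realm, blacklisted_by_user FROM logins"
    for realm, declined in conn.execute(query):
        host = urlsplit(realm).hostname or realm
        report["never_save_only" if declined else "saved_credentials"].add(host)
    # A host with a saved password is already counted in the more serious set.
    report["never_save_only"] -= report["saved_credentials"]
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for category, hosts in audit_login_data(build_sample_db()).items():
        print(category, hosts)
```

Sites listed under `never_save_only` are the ones worth prioritising for two-factor authentication and phishing awareness, since their presence alone reveals that an account exists there.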
It's probably not news to regular HotHardware readers, but the safest thing to do with your passwords is to stick them in a dedicated password manager like 1Password. That way your credentials get a second layer of security with your master password. You should also make sure you have two-factor authentication enabled everywhere you can.