Passwords Obsolete? Hackers Target Your Web Sessions

CyberArk researchers report that attackers are increasingly getting at users' data without needing a password or a multifactor authentication prompt. A prevalent technique is hijacking web sessions by stealing browser cookies, which infostealers make straightforward: a session cookie is issued after authentication, so whoever presents it is already past the login and MFA steps.
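The replay problem described above, as an added example (not code from the CyberArk report): a minimal server-side session store in Python that issues a random session id at login and, on each request, checks it against a keyed fingerprint of the client attributes seen at login. Without binding, the stolen cookie works from anywhere until it expires, which is exactly why MFA is never challenged; with binding, the first replay from a different client revokes the session, so both the attacker and the victim are forced back through authentication. All names, the sample IPs and User-Agent strings, and the in-memory store are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Per-deployment key for fingerprint hashing (generated fresh here; constructed for the example).
FINGERPRINT_KEY = secrets.token_bytes(32)


@dataclass
class Session:
    user: str
    issued_at: float
    client_fp: str          # HMAC of the client attributes seen at login
    revoked: bool = False


@dataclass
class SessionStore:
    """In-memory stand-in for a server-side session table."""
    max_age: float = 8 * 3600         # absolute lifetime in seconds
    bind_to_client: bool = True       # False reproduces the "cookie alone is enough" behaviour
    sessions: Dict[str, Session] = field(default_factory=dict)


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Keyed hash of the client attributes a session is bound to (not reversible if the store leaks)."""
    msg = f"{ip}|{user_agent}".encode()
    return hmac.new(FINGERPRINT_KEY, msg, hashlib.sha256).hexdigest()


def login(store: SessionStore, user: str, ip: str, user_agent: str,
          now: Optional[float] = None) -> str:
    """Issue a fresh random session id: the value that would travel in Set-Cookie."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    store.sessions[sid] = Session(user, now, client_fingerprint(ip, user_agent))
    return sid


def validate(store: SessionStore, sid: str, ip: str, user_agent: str,
             now: Optional[float] = None) -> str:
    """Check a presented cookie. Returns 'ok', 'unknown', 'expired' or 'client_mismatch'.

    A mismatch revokes the session outright: the legitimate user has to
    re-authenticate, and the attacker's copy of the cookie becomes worthless.
    """
    now = time.time() if now is None else now
    sess = store.sessions.get(sid)
    if sess is None or sess.revoked:
        return "unknown"
    if now - sess.issued_at > store.max_age:
        sess.revoked = True
        return "expired"
    if store.bind_to_client and not hmac.compare_digest(
            sess.client_fp, client_fingerprint(ip, user_agent)):
        sess.revoked = True
        return "client_mismatch"
    return "ok"


def replay_scenario(bind_to_client: bool) -> List[str]:
    """Victim logs in, an infostealer exfiltrates the cookie, the attacker replays it elsewhere."""
    store = SessionStore(bind_to_client=bind_to_client)
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Chrome/122"
    attacker_ip, attacker_ua = "198.51.100.77", "Mozilla/5.0 (X11; Linux x86_64) Chrome/122"
    t0 = 1_700_000_000.0
    cookie = login(store, "alice", victim_ip, victim_ua, now=t0)
    return [
        validate(store, cookie, victim_ip, victim_ua, now=t0 + 60),            # victim's own request
        validate(store, cookie, attacker_ip, attacker_ua, now=t0 + 120),       # replay of the stolen cookie
        validate(store, cookie, victim_ip, victim_ua, now=t0 + 180),           # victim again
        validate(store, cookie, attacker_ip, attacker_ua, now=t0 + 9 * 3600),  # long after max_age
    ]


if __name__ == "__main__":
    print("no binding:", replay_scenario(False))  # ['ok', 'ok', 'ok', 'expired']
    print("bound     :", replay_scenario(True))   # ['ok', 'client_mismatch', 'unknown', 'unknown']
```

Two caveats for anyone adapting this. Binding to the source IP breaks legitimate users on mobile networks and behind large NATs, so production deployments usually bind to more stable attributes and rely on short lifetimes plus token rotation instead. And a stealer that exfiltrates the browser profile can also hand the attacker the victim's User-Agent, so fingerprint binding raises the bar rather than closing the door; the durable control is revoking every session of an affected user as soon as the infection is known.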

Primary infection vectors are phishing, malicious advertising on Google and social networks, and fake pirated software, including game applications and cheats. Once the user runs the malicious program, malware that targets login data and sessions across a range of applications goes to work. The stolen data is then sent to the attacker's server for direct use or for sale on forums on the darknet or the open internet.

The consequences of such theft can be wide-ranging: from targeted attacks to access to a company's codebase or supply-chain attacks. Stolen cookies also serve as an initial access route for ransomware operators, resulting in data breaches and operational outages.

According to February 2024 data from VirusTotal, Any.Run and Malware Bazaar, the most prevalent stealers are RisePro, RedLine, StealC, LummaC2 and Vidar. Besides cookies, this malware often takes other sensitive browser files as well as data from applications such as Telegram, Discord and Steam.

RisePro stands out for its prevalence and leaves behind files such as "passwords.txt", which makes it easier for researchers and incident responders to identify the family.
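A triage helper in the spirit of the point above, added here as an example and not part of the report: it walks a recovered profile or disk image, matches file names case-insensitively against a small indicator map, and returns each hit with its modification time so it can be placed on the incident timeline next to the dropper's execution. Only the "passwords.txt" to RisePro entry comes from the report; the directory layout and file contents are constructed for the demonstration, and the map is meant to be extended with indicators from your own cases.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Artifact file name -> suspected stealer family.
# Only the RisePro entry is from the report; add your own indicators here.
ARTIFACT_INDICATORS: Dict[str, str] = {
    "passwords.txt": "RisePro",
}


def find_stealer_artifacts(root: Path,
                           indicators: Dict[str, str] = ARTIFACT_INDICATORS
                           ) -> List[Tuple[str, str, float]]:
    """Walk `root` and return (path, suspected_family, mtime) for every matching file name.

    Matching is case-insensitive because Windows file systems are. Results are
    sorted by mtime so they read as a timeline.
    """
    wanted = {name.lower(): family for name, family in indicators.items()}
    hits: List[Tuple[str, str, float]] = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            family = wanted.get(fname.lower())
            if family is not None:
                path = Path(dirpath) / fname
                hits.append((str(path), family, path.stat().st_mtime))
    hits.sort(key=lambda hit: hit[2])
    return hits


def build_sample_tree() -> Path:
    """Constructed stand-in for a recovered user profile: one planted artifact, one benign file."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    temp_dir = root / "AppData" / "Local" / "Temp"
    temp_dir.mkdir(parents=True)
    (temp_dir / "Passwords.txt").write_text("constructed sample, not real stealer output\n")
    docs = root / "Documents"
    docs.mkdir()
    (docs / "notes.txt").write_text("benign\n")
    return root


def triage_sample() -> List[str]:
    """Run the walker over the constructed tree and return the suspected families found."""
    root = build_sample_tree()
    return [family for _path, family, _mtime in find_stealer_artifacts(root)]


if __name__ == "__main__":
    for path, family, mtime in find_stealer_artifacts(build_sample_tree()):
        print(f"{mtime:.0f}  {family:8s}  {path}")
```

Treat a hit as a lead, not a verdict: a file called "passwords.txt" is not unusual on its own, so confirm with the dropper, network telemetry and the other artifacts the report lists before attributing the infection.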

StealC is notable for keeping part of its configuration on the server side, which the report describes as unique among its peers.

LummaC2 appears in only one of the prevalence rankings, but merits attention for its novel approach to distribution and its protection against analysis.

To reduce the risk, raise user awareness of the dangers of downloading software from untrusted sources and deploy controls that block the execution of unapproved software. Because a stolen session cookie is a post-authentication artifact, MFA does not stop its reuse: keep session lifetimes short, bind sessions to client attributes where that is practical, and revoke every session of a user as soon as an infection on their machine is suspected. Up-to-date protective technology matters, but so does sustained vigilance against the theft of credentials and sessions.