The war between people trying to secure the software they use and opponents who constantly search for new ways to break it rages on. According to a new report, malware named 'Citadel' is now attacking password managers.
People rely on password managers to remember multiple and/or complex passwords for various accounts. By entering a 'master password' into the manager, a user can access all their previously stored credentials. These programs are now being targeted by Citadel.
Labeled as highly evasive, the trojan has already infected millions of computers, according to Dana Tamir, director of enterprise security at IBM company Trusteer. While this malware isn't exactly new, the disturbing finding revealed by IBM is that it contains instructions to compromise password management and authentication solutions.
The malicious software can stay idle on a machine for an indefinite length of time and then be triggered by a specific user action. This essentially means that most people do not even know that their computer is already infected by this malware. Tamir describes this trojan's activities in the following words:
"It instructs the malware to start keylogging (capturing user keystrokes) when some processes are running."
IBM is not sure whether these attacks are opportunistic or targeted, but it has found that the attackers were using a legitimate web server as the command-and-control (C&C) server. However, by the time the IBM Trusteer research lab received the configuration file, the command-and-control files had already been removed from the server, so researchers were not able to identify who was behind this configuration.
The processes targeted by the malware include Personal.exe (neXus Personal Security Client), PWsafe.exe (Password Safe), and KeePass.exe (KeePass). IBM has contacted the vendors in question to allow them to proactively notify their customer base and to provide any product-specific recommendations.
IBM predicts that by 2016 people will be using more reliable methods to keep software safe and passwords secure, relying on unique biological identity and biometric data such as facial definitions, iris scans, voice files and DNA. Until then, we must keep fighting cybercriminals to protect our personal data.