Cybercriminals wielding financial Trojans are constantly seeking new targets. In the past year we’ve seen Zeus malware variants move beyond stealing personal bank credentials and invading the retail landscape. Now cybercriminals are threatening the passwords on your computer. A new variant of Citadel malware, an offspring of the dangerous Zeus financial Trojan, was identified this week. It easily bypasses anti-virus software to steal the master passwords that users keep in password tools including KeePass, Password Safe, and the neXus Personal Security client.
For a history of the Zeus malware family, read Wontok’s whitepaper, The Evolution of Financial Malware.
Once inside the password manager, cybercriminals can use your passwords to unlock anything from your bank account to data-rich enterprise systems.
According to Wontok Lab’s experts, the best cure is prevention. With financial malware able to bypass traditional anti-virus protection more than 50% of the time, more sophisticated, layered preventative approaches are needed to keep malware away from sensitive data. The best case is not to keep your passwords on your computer at all. But if you do use a password keeper, check for security measures such as two-factor authentication, and consider additional layered prevention such as using a safe browser or launching the application via a safe desktop.