New malware targets password managers

As the cat-and-mouse game between Internet security vendors and cybercriminals continues, the bad guys are taking a new step to steal people's online data by targeting password management software.

The bad guys' newest weapon is Citadel, which exploits many people's reliance on password managers to remember newly created complex passwords for their online accounts.

"Password managers... relieve the user of the need to remember all the unique and complex passwords that he or she uses to access both personal and work-related applications. Instead, the user need only remember one complex master password, which is much easier. When you provide the master password, these solutions will enable secure access to your applications and services," Dana Tamir, director of enterprise security at IBM company Trusteer, said in a blog post.

She said that while the highly evasive and remotely programmable Citadel Trojan has been around for a while, what is new is the instructions for it to compromise password management and authentication solutions.

"It instructs the malware to start keylogging (capturing user keystrokes) when some processes are running," she said.

Among the processes targeted by the malware are Personal.exe (neXus Personal Security Client), PWsafe.exe (Password Safe), and KeePass.exe (KeePass).

IBM said it has tried to contact the vendors in question so they can proactively notify their customer base and to provide product-specific recommendations.

While Tamir said passwords may soon be replaced by other more reliable forms of authentication, "until then, we must secure our passwords and prevent fraud and exposure from adversaries and cybercriminals." — Joel Locsin /LBG, GMA News