Sign in / up

back to article Citadel Trojan snooped on password managers to snatch victims' logins

Crooks have unsheathed a variant of the Citadel Trojan that targets password managers. The malware is designed to steal a victim's master passphrase, thus unlocking his or her database of website passwords in the process. The software nasty runs a key-logger to intercept what people type into the Password Safe and KeePass open …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Black Helicopters

    Its the NSA!!

    (You thought it, I said it!!)

    2 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Does this run as a dedicated process or is it hooked directly into a windows sub-system?

    The article never mentions that, neither do any of the past Reg articles on CryptoLocker or similar strains of badness. This is a tech site, so why not give us more insider detail....?

    2 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Does this run as a dedicated process or is it hooked directly into a windows sub-system?

      Fair dos - my colleague has added some links which address your point, I think.

      1 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Does this run as a dedicated process or is it hooked directly into a windows sub-system?

        Cheers Chris and Drew. Adding those kinds of links sets the Reg apart.. Similar links in future hacks would be great to have too! Cheers...

        1 0 Reply
  3. Jin

    No surprise at all

    What have long been anticipated are now happening as have been anticipated. As repeatedly pointed out by many, password managers should be operated in a decentralized formation or should be considered mainly for low-security accounts.

    0 0 Reply
  4. Velv
    Boffin

    This is why you should have 2FA on your Password Manager, and a physical one at that. Even if the keystrokes are compromised a second out of band authentication is required.

    Yubikey works with LastPass and anyone can set it up. There are other physical implementations out there too.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like