Password Stealers: What Are They, and How Do You Avoid Them?

When it comes to protecting your organization’s sensitive information, password protection is one of the most critical elements of running your business. A single password can open the door for bad actors to break into your entire network and exfiltrate your proprietary information, employee data, and sensitive customer information.

In most organizations, employees are usually the weakest link. People use weak passwords, reuse their passwords, or make their login credentials easy to discover in various other ways.

Other times, they’ll unknowingly download a password stealer, which can discover even the strongest and best guarded login credentials.

What Are Password Stealers?

Password stealers are a kind of malware or spyware that gets installed secretly on a machine. It’s a type of trojan software that makes its way across a network. Someone opens up the wrong file in their email or executes a program that was downloaded from the wrong website.

Without their knowledge or consent, the file is installed onto the computer and it begins working in the background, undetected. It could be months before anyone has any clue that passwords or data was stolen.

How Do Password Stealers Work?

Password stealers seek to capture authentication credentials, but they usually look for all sorts of other sensitive information as well.

The malware scrapes login information as you enter your credentials. It runs in the background, gathering information as it’s entered into the machine. The spyware actively watches for things like login prompts, collects your keystroke information, and exfiltrates the gathered data to a secondary website that’s owned by the bad actor.

How to Know if You Have a Password Stealer

The best and most reliable way to spot password stealers before they do any damage is to use updated antivirus software on every machine in your organization. Antivirus scans for and detects this malware. When it identifies a password stealer, it quarantines (secures and deletes) the malware and safely removes it from the machine.

It is most important to have antivirus software installed on all of your organization’s computers, but it won’t do you much good if it isn’t set up properly. Make sure your antivirus software is scanning your machine on a regular basis, and that it’s being updated regularly.

When purchasing antivirus software, look for one that runs live on your machine in addition to periodic scans. Running live means the antivirus can see the actively running processes and compare them to its definitions to detect password stealing software in the moment.

What to Do if You Discover a Password Stealer

If a password stealer is detected on a machine, make sure it gets cleaned and cleared off of the device. Before getting too far, you’ll also need to connect with your IT department to have them help determine what information the bad actor may have been exposed to, in addition to invoking your incident response plans.

Depending on the state of that computer, it may be smart to rebuild the machine just to make sure it’s completely clear of anything the bad actors may have installed on it.

If your machine is networked, you could be at risk of the password stealer spreading across the network and installing itself on other machines. As best you can, immediately seclude your machine from the others on the network until you can ensure that the malware has been fully isolated and disconnected from every networked machine.

Stop Spyware Before It Strikes

Of course, it’s even better to prevent the spyware from getting on your computers in the first place. Train your personnel to spot suspicious emails and to use best practices for passwords.

Email security best practices

There are several indicators that can help you recognize a phishing email:

• There’s a sense of urgency — for example, confirm your account before it gets shut off in 12 hours, your computer’s security is at risk, or you must confirm your credentials.
• It’s an unexpected email — whether it’s from someone you know or don’t know. For example, your Facebook friend is emailing your work account, or a billing issue is sent to you instead of Accounting.
• The From email address is odd. Pay attention to the exact spelling and punctuation of email addresses. A phishing attack may use a very similar domain that looks right at first glance (company-name.com vs. companyname.com).
• It’s poorly written. Phishing emails often come from overseas, where English is a second language.
• The logo doesn’t look right. If an attacker stole a company logo and pasted it into the email, it can have the wrong aspect ratio, or be low-resolution. It might even be an outdated version of the logo.
• Strange attachments or links. Hover over the link and check the URL at the bottom of the window. Do the links go to India or Russia, or some other foreign country?

A nefarious email will typically ask you to click on a link, download an attachment, or reply with sensitive information.

Password best practices

Here are some password best practices that could keep you out of hot water.

• Store all of your passwords in a password management system.
• Never use the same password for more than one account.
• Don’t use a pattern that gets tweaked from account to account.
• For password security questions, don’t answer the question that’s asked, because chances are you’ll answer the same question with the same response every time. That’s another vulnerability. Instead, enter a nonsensical answer instead, and record it in your password manager, noting which question you selected with the associated response.
• If a website gives you the option of turning on two-factor authentication option, DO IT. If an attacker gets ahold of your username and password, that secondary authentication will still keep them out of your account.

Password managers put you in a much stronger position, because they make it easy to set every one of your passwords uniquely and differently, across the board. You no longer need to remember any of your passwords.

The Best Protection Available

While there’s no guarantee that you can protect your company from every possible cyberattack, you can use these best practices to put yourself in a solid position to have the best protection available. Organizations that take security and compliance seriously are the ones that tend to avoid becoming headlines in the news.

Want more best practices to keep your company from being vulnerable to cyberattacks? Subscribe to our blog.