New Citadel Trojan Targets Your Password Managers
Unless we are a human supercomputer, remembering password is not an easy task and that too, if you have a different password for every different site. But luckily to make the whole process easy, there is a growing market for password managers which provides an extra layer of protection. Wait! Wait! Seriously??

Security researchers have discovered a new variant of data-stealing Citadel Trojan program used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which will let you think twice before using one.

Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading itself as legitimate banking sites when victims open it in their local browser, which is also known as a man-in-the-browser attack.

The malware has previously targeted users' credentials stored in the password management applications included in popular Web browsers, however, third-party best password managers have typically not been targeted by the attackers.

But, researchers at IBM Trusteer noted that the configuration file of the notorious malware had been modified to activate a keylogger when users opened either Password Safe or KeePass, two open-source password managers. Designed to steal the "Master Password" that protects access to the database of the end-user's passwords.
"Password management and authentication programs are important solutions that help secure access to applications and Web Services," Dana Tamir, director of enterprise security at Trusteer, wrote on IBM's Security Intelligence blog.
"If an adversary is able to steal the master password and gains access to the user/password database of a password management solution or compromise authentication technology, the attacker can gain unfettered access to sensitive systems and information."
In addition, the new Citadel variant also targets the enterprise authentication solution Nexus Personal Security Client used to secure financial transactions and other services that require heightened security, according to research from data-protection company IBM Trusteer.

Once the malware infected a computer, it waits until one of the configured process is launched. The malware then logs keystrokes to steal the master passwords, allowing cybercriminals complete control over the machine and victims' every online account protected by that password manager.

The Citadel Trojan has been in existence since 2011 that has already compromised millions of computers around the world. According to the security researchers, Citadel is "highly evasive and can bypass threat detection systems."
"[The Citadel variant] might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions," reads the blog.
In June last year, the tech giant Microsoft along with the FBI and financial services companies launched a "takedown" operation against Citadel botnets, which had stolen more than $500 million from bank accounts over the past 18 months. At the time, the group claimed it disrupted more than 90% of Citadel botnets.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.