There’s a new virus in Google Chrome browser that not only steals user credentials but also sends it to a Database

There’s a new password stealer in Google Chrome that not only steals user credentials but also sends the data to MongoDB Database as well. The world is moving more towards digitalization and it is something that we all pretty much like right? I mean who doesn’t want to be free from all the troubles of doing so many chores by themselves. Social media platforms and various tech companies are making our lives so much easy by bringing various new web browsers and a variety of digital platforms all aimed to bring more comfort in our lives. Social media platforms are one of the largest sources that are providing a variety of opportunities to its users and people in return are earning a great amount of revenue through it as well.

Despite the fact that our era is moving more towards the digital world and we all are totally in support of it but along with such comfort these digital tech also bring some risks of violation of our personal information which usually big companies fail to secure. Recently, a new Trojan was discovered and that Trojan attempts to steal passwords of users of Google Chrome. While the data breach is something we all already know but what makes this malware riskier than others is the fact that it sends the stolen data to MongoDB database to store all the stolen passwords of Google Chrome users.

Detailed analysis of this Trojan

This virus was discovered by MalwareHunterTeam and later on, when it was analyzed by James he found some interesting things in its workings. According to James, this malware instead of compiling the stolen passwords into a file and sending those files to attackers control this malware directly connects all the stolen credentials to MongoDB database and uses it to store all the stolen data of users of Google Chrome. This malware includes some credentials of hardcoded MongoDB and utilizes the drivers of MongoDB C Driver as a client library to connect all the stolen passwords directly to the database. After stealing the passwords, the malware directly connects to the database and stores the passwords as seen by the network traffic created after being tested by James. Despite the fact that this method is only used to steal the passwords of users but the riskier part is it can also become a source for attackers to gain access to victim’s credentials without them realizing it at all. Any person who can analyze this malware including researchers, law enforcement or some threat actors, these hardcoded credentials can be used and retrieved to gain access to the stolen passwords and that is something that needs to be taken care of as soon as possible.


Photo: Traffic Analyzer / Getty Images

Read next: 25+ Important Stats About Cyber Attacks
Previous Post Next Post