How attackers trick password managers

How attackers trick password managers

Organisations are improving their password security, but not enough

Android Instant Apps have become quite popular over the past few years enabling the user to gain full control of travel, business and sleeping habits. Moreover, Android password managers simplified usage by storing credentials so the user does not have to remember them each time when using the Instant App.

Security Researchers have now revealed that password managers are not as safe as they are supposed to be: using a spoofed Instant App, attackers can easily trick the managers as they cannot differentiate between authentic and fake Instant Apps. When a user visits this fake website, the password manager is asked for login credentials. Presenting itself as an authentic instant app, the website is not recognized by the manager as a spoofed Instant App. Eventually, the credentials are given to the attacker without the user even noticing anything suspicious. Neither does a malicious app need to be installed nor is the user asked to insert any credentials.

Read more about this danger here.

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles