How attackers trick password managers

How attackers trick password managers

Organisations are improving their password security, but not enough

Android Instant Apps have become quite popular over the past few years enabling the user to gain full control of travel, business and sleeping habits. Moreover, Android password managers simplified usage by storing credentials so the user does not have to remember them each time when using the Instant App.

Security Researchers have now revealed that password managers are not as safe as they are supposed to be: using a spoofed Instant App, attackers can easily trick the managers as they cannot differentiate between authentic and fake Instant Apps. When a user visits this fake website, the password manager is asked for login credentials. Presenting itself as an authentic instant app, the website is not recognized by the manager as a spoofed Instant App. Eventually, the credentials are given to the attacker without the user even noticing anything suspicious. Neither does a malicious app need to be installed nor is the user asked to insert any credentials.

Read more about this danger here.

Copyright Lyonsdown Limited 2021

Top Articles

Exposure of financial services to phishing rose by 125% in 2020

There was a 125% surge in the number of phishing attacks that financial services and insurance organisations experienced between 2019 and 2020.

Millions of Brits using old and unsecured routers, finds Which? ISPs differ

Which? has warned that millions of Brits are using old Wi-Fi routers, vulnerabilities in which could be exploited by hackers.

Scripps Health suffers a ransomware attack, suspends critical operations

Scripps Health recently suffered a ransomware attack that forced it to suspend user access to its online portal and applications and divert patient care operations.

Related Articles