Exposure of personal information on the internet has become an increasingly hot topic over the past few years, especially given how many sites have suffered breaches of their users' PII (personally identifiable information). The most publicized attacks are usually hackers breaking into company systems to gather information (Equifax, for example). Another type of attack that does not get enough attention, though, is companies distributing malware with their own public software releases.
Recently, Reddit users exposed a popular flight simulator for distributing malware, in what was claimed to be an attempt to stop software piracy. Fidus Information Security were the first to investigate the issue after hearing about the Reddit post. They found that the malware authors designed the payload to steal login credentials from web browsers using a Chrome password dumping tool by SecurityXploded. The most baffling part of this situation is that these passwords were Base64 encoded and sent over HTTP, yes HTTP, to a log collection server with RDP access open to the internet. Many questions have come up from this incident, but the most popular ones are: what were they using the passwords for, and how securely did they store them?
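The exfiltration pattern described above (browser credentials, Base64 encoded, posted over plaintext HTTP) is easy to spot from the network side because the encoding is trivially reversible. The following detection script is an added example, not code from the original post or from Fidus; the log format ("timestamp src method url body=<base64>"), the IP addresses and the request bodies are all constructed for the example, and the credential keyword list is an assumption to tune for your environment.

```python
import base64
import re
from urllib.parse import urlsplit

# Helper to build the constructed sample bodies so they stay readable.
def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()

# Constructed egress-proxy log line (assumed format; not from the original post).
def _line(ts, src, method, url, body_text):
    body = _b64(body_text) if body_text else ""
    return f"{ts} {src} {method} {url} body={body}"

# Constructed sample log: one credential post over plaintext HTTP, one empty GET,
# one HTTPS telemetry post and one harmless Base64 body over HTTP.
SAMPLE_LOG_LINES = [
    _line("2018-02-19T10:01:02Z", "10.0.0.5", "POST", "http://203.0.113.10/log.php",
          "username=alice&password=hunter2"),
    _line("2018-02-19T10:01:05Z", "10.0.0.7", "GET", "http://example.com/index.html", ""),
    _line("2018-02-19T10:01:09Z", "10.0.0.5", "POST", "https://updates.example.net/telemetry",
          '{"version": "1.2.3"}'),
    _line("2018-02-19T10:02:11Z", "10.0.0.9", "POST", "http://198.51.100.23/upload",
          "hello world"),
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) body=(\S*)$")
# Keywords that suggest a decoded body carries credentials (assumed list).
CREDENTIAL_RE = re.compile(r"pass(word|wd)?|pwd|login|credential", re.IGNORECASE)


def decode_base64_text(token):
    """Return the decoded text if token is strict Base64 holding printable UTF-8, else None."""
    if not token:
        return None
    try:
        raw = base64.b64decode(token, validate=True)  # reject non-alphabet characters
        text = raw.decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    return text if text.isprintable() else None


def scan_log(lines):
    """Flag plaintext-HTTP requests whose Base64 body decodes to credential-like text."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, method, url, body = m.groups()
        if urlsplit(url).scheme != "http":
            continue  # only unencrypted egress is in scope for this check
        decoded = decode_base64_text(body)
        if decoded is None or not CREDENTIAL_RE.search(decoded):
            continue
        findings.append({
            "timestamp": ts,
            "src": src,
            "method": method,
            "url": url,
            "decoded": decoded[:80],  # truncate so the alert itself does not spill the secret
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG_LINES):
        print(f"ALERT {f['timestamp']} {f['src']} -> {f['url']}: {f['decoded']}")
```

Only the first sample line is reported: the empty GET has nothing to decode, the telemetry post is over HTTPS and contains no credential keyword, and the "hello world" body decodes cleanly but matches nothing. In a real deployment the keyword match should be a trigger for review rather than a verdict, and the decoded snippet should be redacted before it reaches a ticketing system.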
This is not the first time that a company has distributed malware without the user's knowledge. The most notable case was a few years ago, when ESEA, a gaming client for CSGO (Counter-Strike: Global Offensive), was exposed for distributing an active Bitcoin miner, which it claimed was an April Fools' joke after it had made roughly $3000. What ESEA did was punishable under the Internet Spyware Prevention Act; US regulators hit ESEA with a $1m fine for installing a Bitcoin miner in its software.
As stated in the Internet Spyware Prevention Act: “Whoever intentionally accesses a protected computer without authorization, or exceeds authorized access to a protected computer, by causing a computer program or code to be copied onto the protected computer, and intentionally uses that program or code in furtherance of another Federal criminal offense shall be fined under this title or imprisoned not more than 5 years, or both.”
How can you keep yourself protected?
1) Avoid storing credentials in your browser's auto-fill or built-in password manager.
2) Use a different password for every site that you visit. Most password manager tools include an option for creating a unique and longer passphrase.
3) Use two-factor authentication whenever possible. You can see a list of sites that support 2FA here: https://twofactorauth.org/
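To make the "unique and longer passphrase" advice concrete, here is an added example (not code from the original post or from any password manager) of how such a generator works and why length matters: words are drawn with the `secrets` CSPRNG, the entropy of the result follows directly from the list size and word count, and a small check flags any site that shares a secret with another. The 32-word list is constructed for the example; a real generator would use a published list such as the EFF large wordlist (7,776 words), which only changes the per-word entropy figure.

```python
import math
import secrets

# Constructed toy wordlist (32 entries) so the block runs offline. A real
# generator should use a published list; the size drives the entropy below.
WORDLIST = [
    "acorn", "basil", "cedar", "delta", "ember", "fjord", "gamma", "heron",
    "igloo", "jolly", "kayak", "lemon", "mango", "nexus", "olive", "piano",
    "quilt", "river", "sigma", "tulip", "ultra", "vivid", "waltz", "xenon",
    "yacht", "zebra", "amber", "bloom", "coral", "dune", "echo", "flint",
]


def generate_passphrase(n_words=6, wordlist=WORDLIST, sep="-"):
    """Pick n_words uniformly at random using the secrets CSPRNG (never random.choice)."""
    if n_words < 1 or len(wordlist) < 2:
        raise ValueError("need at least one word from a list of two or more")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy in bits of n_words drawn uniformly (with replacement) from wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count that reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def find_reused_secrets(vault):
    """Given {site: secret}, return the sites whose secret also appears under another site."""
    by_secret = {}
    for site, secret in vault.items():
        by_secret.setdefault(secret, []).append(site)
    return sorted(site for sites in by_secret.values() if len(sites) > 1 for site in sites)


if __name__ == "__main__":
    phrase = generate_passphrase(6)
    print(phrase, f"({passphrase_entropy_bits(6, len(WORDLIST)):.1f} bits from the toy list)")
    print("words for 80 bits with a 7,776-word list:", words_needed(80, 7776))
    # Constructed vault showing one reused secret across two sites.
    print("reused:", find_reused_secrets({"mail": "s1", "bank": "s2", "forum": "s1"}))
```

Six words from the toy list give only 30 bits, which is why real generators use large lists: six words from a 7,776-word list give about 77.5 bits, and seven words are needed to pass 80. The reuse check is the programmatic form of point 2: a credential stealer like the one described above only has to capture a shared secret once.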