Hackers use Citadel Malware to attack password management apps

IBM’s Trusteer researchers have discovered a new configuration of the
Citadel malware that attacks certain password managers. The
configuration activates key logging when certain processes are running
on the infected machine.

The targeted processes include Password Safe and KeePass, two open-source password managers. The variant also targets the Nexus Personal Security Client, which is used to secure financial transactions and other services that require heightened security.
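The behaviour described above, a keylogger that becomes active only while a password manager process is running, suggests a simple correlation rule for endpoint telemetry: a keyboard hook installed by an unexpected process while a vault is open. The following Python script is an added example and not code from IBM, Trusteer or the article; the event format, the image names `keepass.exe` and `pwsafe.exe`, the allowlist and the `updatesvc.exe` process are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Image names assumed for the two password managers the article names (not stated on the page).
PASSWORD_MANAGER_IMAGES = {"keepass.exe", "pwsafe.exe"}

# Processes that legitimately install keyboard hooks on this hypothetical build; tune per fleet.
HOOK_ALLOWLIST = {"explorer.exe", "ctfmon.exe"}


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since boot (constructed)
    kind: str        # "process_start" | "process_stop" | "keyboard_hook"
    image: str       # executable name reported by the sensor
    pid: int


def detect_hooks_during_password_manager(events: Iterable[Event]) -> List[Dict[str, object]]:
    """Return one alert per keyboard hook installed by a non-allowlisted process
    while at least one password manager process is running."""
    open_managers: Dict[int, str] = {}   # pid -> image name of a running password manager
    alerts: List[Dict[str, object]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        image = ev.image.lower()
        if ev.kind == "process_start" and image in PASSWORD_MANAGER_IMAGES:
            open_managers[ev.pid] = image
        elif ev.kind == "process_stop":
            open_managers.pop(ev.pid, None)
        elif ev.kind == "keyboard_hook" and open_managers and image not in HOOK_ALLOWLIST:
            alerts.append({
                "ts": ev.ts,
                "hooking_image": image,
                "hooking_pid": ev.pid,
                "password_managers_open": sorted(open_managers.values()),
            })
    return alerts


# Constructed telemetry: a benign hook, a hook before any vault is open, one hook that lands
# while KeePass is running, and a hook after the vault is closed again.
SAMPLE_EVENTS = [
    Event(10, "process_start", "explorer.exe", 900),
    Event(11, "keyboard_hook", "explorer.exe", 900),        # allowlisted, no alert
    Event(20, "process_start", "updatesvc.exe", 4410),      # constructed unknown binary
    Event(21, "keyboard_hook", "updatesvc.exe", 4410),      # no vault open yet, no alert
    Event(30, "process_start", "KeePass.exe", 1201),
    Event(31, "keyboard_hook", "updatesvc.exe", 4410),      # hook while vault is open: alert
    Event(40, "process_stop", "KeePass.exe", 1201),
    Event(41, "keyboard_hook", "updatesvc.exe", 4410),      # vault closed, no alert
]

if __name__ == "__main__":
    for alert in detect_hooks_during_password_manager(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately ignores hooks set before the vault is opened and after it is closed, so a fleet-wide allowlist of legitimate hooking processes keeps the alert volume low while still catching a hook that appears only once the targeted process is running.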

Password managers have become popular in the wake of breaches that have exposed millions of end-user credentials. Users collect all their passwords in a “vault” that is protected by a master password. In addition to added security, users can devise long and complex passwords that are hard to guess and that they don’t have to remember since the password manager fills in the password field on the user’s log-on screen.

IBM discovered the variant on a machine that was protected by IBM Trusteer, a suite of security software. IBM bought the Israeli company in Sept. 2013 for $1 billion.

The researchers say they are unsure how the variant got on the machine. In addition, the researchers said they did not know if it was an attack with a specific target or a random expedition by attackers to find what types of data they could collect.

“Password management and authentication programs are important solutions that help secure access to applications and Web Services,” Dana Tamir, director of enterprise security at Trusteer, wrote on IBM’s Security Intelligence blog. “If an adversary is able to steal the master password and gains access to the user/password database of a password management solution or compromise authentication technology, the attacker can gain unfettered access to sensitive systems and information.”

The Citadel Trojan is not new. It is a massively distributed malware
that has already compromised millions of computers worldwide. Once
Citadel installs on a machine, it opens communication channels with a
command-and-control (C&C) server and registers with it. The malware
then receives a configuration file that tells it how it should operate,
which targets to look for, what type of information to capture,
which functions to enable, and even provides information about alternate
C&Cs that allow the attackers to take down an exposed C&C
and still operate the malware from a new C&C. As long as the
malware is communicating with the C&C, the configuration file can be
updated with information about new targets, activities and C&C
destinations.

Read full Article at ZDNET
