How attackers trick password managers

How attackers trick password managers

Organisations are improving their password security, but not enough

Android Instant Apps have become quite popular over the past few years enabling the user to gain full control of travel, business and sleeping habits. Moreover, Android password managers simplified usage by storing credentials so the user does not have to remember them each time when using the Instant App.

Security Researchers have now revealed that password managers are not as safe as they are supposed to be: using a spoofed Instant App, attackers can easily trick the managers as they cannot differentiate between authentic and fake Instant Apps. When a user visits this fake website, the password manager is asked for login credentials. Presenting itself as an authentic instant app, the website is not recognized by the manager as a spoofed Instant App. Eventually, the credentials are given to the attacker without the user even noticing anything suspicious. Neither does a malicious app need to be installed nor is the user asked to insert any credentials.

Read more about this danger here.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]