Here’s How Malware Can Steal Passwords From Your Browser Here’s How Malware Can Steal Passwords From Your Browser
News    02/14/2020

Here’s How Malware Can Steal Passwords From Your Browser

Everyone uses browsers every day, both for their private and work-related matters. On the surface, these platforms enable access to the internet.

But in reality, they provide ways for people to shop, do their banking, connect with others, and (often) get their work done. So actually, browsers are one of the essential programs anyone ever uses. On top of that, it stores heaps of confidential data. It makes it a valuable catch for hackers and other cybercriminals.

Malware is usually the primary method hackers use to steal information off a browser. Browsers have this user-friendly feature of storing passwords, credit card details, billing addresses, and other personal information. While convenient, a criminal can appropriate all that data. And any other valuable files or information stored on the device can disappear along with it.

Even when browsers aren’t the target, hackers still make sure to steal any info from there that they can. This practice is increasing too.

Below is a quick breakdown of how malware steals information off browsers. Make sure to check out the few tips on how to protect passwords and other auto-fill data after that too.

How Malware Steals Passwords from a Browser

It takes almost no effort for malware to steal passwords and other information because of how permissions are given on browsers.

Browsers do encrypt passwords and other data to keep outsiders from seeing that information. But - and this is the crux of the problem - when the request to access passwords comes from the same device and account, they provide it. Browsers open up access to all that data without asking for further authentication. They assume it’s the account user requesting.

Malware takes advantage of this loophole by pretending to make the access request on behalf of the user. It is easiest to do on Chromium browsers because they all store auto-fill data in the same place. They also generally don’t ask for a password or another authentication method before providing that data.

Safari, Firefox, and Edge work much the same way. They don’t store data in precisely the same way, but it’s still easy for the malware to sift through the files and find it. Especially since the files all have the same names.

The only difference is that Safari asks for a master password, and Firefox has the option to ask for one too. Though with Firefox, you have to turn it on manually. Otherwise, it gives up the data as Chrome does.

How Browsers Get Infected With Malware

Browsers themselves cannot be infected with malware - but the devices they’re on can. You can get your computer or smartphone infected in many different ways because hackers are rather crafty creatures. The most common ones, though, are through downloaded files, opening links, and visiting dubious websites.

Once on the device, the “stealer” or “spyware” gathers any valuable data it can find. And yes, everyone’s personal data is precious. Criminals steal and sell that information on the black market or use it to commit identity fraud. In 2018 alone, Cifas recorded over 300 000 cases of identity fraud. It’s almost double that of the previous year.

Tips for Avoiding Browser Hijacking and Password Theft

There are many ways to lower the risk of hackers getting access to the browser on a device.

  • First and foremost, the best defense would be to avoid malware. That means reading up on what malware looks like and how devices get affected. Here’s a quick tip to start with: most malware comes from malicious emails.

  • Use antivirus and anti-malware software and make sure the installation is up to date. It won’t always prevent every piece of malware from glomming onto a device. But it will protect against most of it.

  • Keep the browser updated. Not all hackers steal information from a browser through malware. Sometimes they exploit a security bug or a poorly coded extension to get to the information they want. Updating the browser helps prevent that as much as is possible because, along with updates, you download new security patches.

  • Arguably the most crucial tip is to never save passwords or any other auto-fill information on a browser. There are password managers for that, and they do a much better job of keeping data safe. Not only are the passwords they store well-encrypted, but they ask for a master password and use two-factor authentication. Some password managers also support biometric fingerprint authentication, which is an even more secure alternative.


The idea that someone might steal all the passwords and other details stored on a browser is an unpleasant thought. But it needn’t be a big worry for those who take the time to secure their passwords and other data. Being aware of how malware spreads and avoiding it is a big part of it too.


× Zoom Image