MacBook Pro 16-inch M1 Max review MacBook Pro 14-inch M1 Pro review MacOS Monterey is here World Series 2021: How to watch Guardians of the Galaxy game review Google Doodle recalls Surrealist photographer

Malware that can steal your passwords spikes 60%, security firm warns

Credit card info and autofill data is up for grabs as browser-based attacks surge.


More than 940,000 consumers were targeted by password-stealing malware this year. 

James Martin/CNET

Malicious software that wants to steal your passwords is on the rise, according to new research from Kaspersky. Fewer than 600,000 consumers were targeted by password-stealing malware in the first half of 2018, according to a release Tuesday from the security firm. During the same period in 2019, that number rose to over 940,000 -- a 60% increase. 

The culprits are stealer trojans or password stealing ware that target sensitive data such as credit card numbers and autofill information via web-browser vulnerabilities, according to the report. Of those users who encountered this type of malware, 25 percent were infected with Azorult, one of the most commonly bought and sold password-stealers in Russian forums, according to Kaspersky. 

The most pervasive malware targets user desktops. Why? 

According to the report, "the fact is that files most needed by the user are commonly stored there. And among them may well be a text file containing frequently used passwords."

One way to avoid browser-based password theft is to decline your browser's automatic password-saving features when prompted and instead use a password manager. CNET's run-down on password managers can get you up to speed. For Firefox users, a suite of content-blocking options are available to secure your data.

The full Kaspersky report is available on its Securelist website.

Now playing: Watch this: WhatsApp update fights malware that infects devices with...