Malware that can steal your passwords spikes 60%, security firm warns

Credit card info and autofill data is up for grabs as browser-based attacks surge.

Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
Rae Hodge

More than 940,000 consumers were targeted by password-stealing malware this year. 

James Martin/CNET

Malicious software that wants to steal your passwords is on the rise, according to new research from Kaspersky. Fewer than 600,000 consumers were targeted by password-stealing malware in the first half of 2018, according to a release Tuesday from the security firm. During the same period in 2019, that number rose to over 940,000 -- a 60% increase. 

The culprits are stealer trojans or password stealing ware that target sensitive data such as credit card numbers and autofill information via web-browser vulnerabilities, according to the report. Of those users who encountered this type of  malware , 25 percent were infected with Azorult, one of the most commonly bought and sold password-stealers in Russian forums, according to Kaspersky. 

The most pervasive malware targets user desktops . Why? 

According to the report, "the fact is that files most needed by the user are commonly stored there. And among them may well be a text file containing frequently used passwords."

One way to avoid browser-based password theft is to decline your browser's automatic password-saving features when prompted and instead use a password manager. CNET's run-down on password managers can get you up to speed. For Firefox users, a suite of content-blocking options are available to secure your data.

The full Kaspersky report is available on its Securelist website.

Watch this: WhatsApp update fights malware that infects devices with just a call