Kaspersky has uncovered a significant rise in the use of malware designed to harvest consumers’ digital data, known as password stealers. According to Kaspersky’s data, the number of consumers targeted by the stealers increased from less than 600,000 people in the first half of 2018 to over 940,000 during the same period in 2019.

Password-stealing ware (PSW) is a major weapon in a cybercriminals’ toolkit to sabotage consumers’ privacy. This malicious type of software grabs data directly from users’ web browsers using various methods. Often, this includes sensitive data such as access details for online accounts, saved passwords, autofill data and payment card details. Furthermore, some families of this type of malware are designed to steal browser cookies, user files from a specific location (such as a user’s desktop) or app files.

Over the past six months, Kaspersky has detected high levels of activity by password stealers in Europe and Asia. Most frequently, the malware has targeted users in Russia, India, Brazil, Germany and the United States. One of the most widely spread password stealers was multifunctional Azorult, detected on the computers of more than 25% of all users who encountered Trojan-PSW type malware in the observed period.

“Modern consumers are increasingly active online, and understandably rely on the internet to carry out many tasks in their daily lives,” said Alexander Eremin, security researcher at Kaspersky. “This fills their digital profiles with more and more data and details and makes them a lucrative target for criminals, as their information could be monetized in numerous ways afterwards. By securely storing passwords and credentials, consumers can use their favorite online services in confidence that their information will not be put at risk. This should be also supported by installation of security solution as one can never be too careful.”

Kaspersky recommends that consumers take the following measures to ensure their passwords and other credentials remain secure:

  • Do not share passwords or personal information with friends or family, as they could unwittingly make them vulnerable to malware. Never post them on forums or social media channels.
  • Always install updates and product patches to ensure protection from the latest malware and threats.
  • Use a reliable security solution that is designed to securely store passwords and personal information, including passports, driver's licenses and payment cards.