Researcher releases Free Hacking Tool that Can Steal all Your Secrets from Password Manager
Unless we are a human supercomputer, remembering a different password for every different site is not an easy task.
But to solve this problem, there is a growing market of password
managers and lockers, which remembers your password for every single
account and simultaneously provides an extra layer of protection by
keeping them strong and encrypted.
However, it seems to be true only until a hacker released a hacking tool
that can silently decrypt and extract all usernames, passwords, as well
as notes stored by the popular password manager KeePass.
Dubbed KeeFarce, the hacking tool is developed by Kiwi hacker Denis Andzakovic and is available on GitHub for free download.
Hackers can execute KeeFarce on a computer when a user has logged into
their KeePass vault, which makes them capable of decrypting the entire
password archive and then dumping it to a file that attackers can steal
remotely.
How Does KeeFarce Work?
KeeFarce obtains passwords by leveraging a technique called DLL (Dynamic Link Library) injection, which allows third-party apps to tamper with the processes of another app by injecting an external DLL code.
The injected code then calls an existing KeePass export method to export
the contents of a currently open database, including user names,
passwords, notes, and URLs to a clear-text CSV file.
The key takeaway here is:
KeyFarce is just a password extraction tool that could work perfectly
like a password Stealer for remote hacking when combined with a computer
malware.
If that happens, it is game over as you'll have much bigger things to worry about since most of your data is generally logged in already.
If that happens, it is game over as you'll have much bigger things to worry about since most of your data is generally logged in already.
While KeeFarce is specifically designed to target KeePass password
manager, it is possible that developers can create a similar tool that
takes advantage of a compromised machine to target virtually every other
password manager available today.
0 comments:
Post a Comment