Autofill is one of the features offered by most browsers. With this feature, the browser can automatically save and fill in data such as account names and passwords, credit card numbers, and so on.
The feature is useful and practical because users do not have to enter the same data repeatedly. Behind that convenience, however, lies a data theft vulnerability.
Kaspersky's findings show that the autofill feature can be an entry point for hackers if the computer is infected with malware that can steal information from the browser.
In the first half of 2019, Kaspersky detected more than 940 thousand such actions. Compared to the same period in 2018, this figure has increased by a third.
Kaspersky also stressed that hackers are not only interested in the browser's autofill feature; they also try to find cryptocurrency wallets and game account data. In addition, they are interested in stealing files from the user's desktop.
How the Autofill Feature in the Browser Works
Browser developers try to protect the information entrusted to them. To that end they take a number of steps, including encrypting the autofill data in their products and allowing decryption only on the same device, from the same account that holds it.
So if a third party steals the autofill data, they may not be able to use it, because all of these components in the browser are encrypted.
However, browser developers assume that the device and the user account are protected, meaning that every program run from an account on the computer is acting with the user's knowledge.
Therefore, the browser can obey the command to extract and decrypt the stored data. Unfortunately, this also applies to malware that has penetrated the device and taken over the user’s account.
Among the many browsers on the market, according to Kaspersky, the only browser that offers extra protection from third parties for data storage is Firefox.
Firefox lets the user create a main password that must be entered whenever the stored data is to be decrypted and used for autofill. However, this option is disabled by default, so Firefox users are strongly advised to activate it.
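Because decryption is available to any program running under the user's account, one practical detection is to watch which processes open the browser's saved-data files. The sketch below is an added example, not code from Kaspersky or the original article; the event format, allowlist, install directories and sample events are constructed assumptions.

```python
import ntpath

# File names browsers use for saved logins and autofill data
# (Chromium: "Login Data", "Web Data"; Firefox: "logins.json", "key4.db").
CREDENTIAL_STORES = {"login data", "web data", "logins.json", "key4.db"}
# Assumption: the only processes expected to open those files on this host.
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: browsers are installed machine-wide, not per user.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

APPDATA = r"C:\Users\alice\AppData"  # constructed user profile
CHROME = APPDATA + r"\Local\Google\Chrome\User Data\Default"
FIREFOX = APPDATA + r"\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release"
# Constructed file-open events (process image, file opened); not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": CHROME + r"\Login Data"},
    {"image": APPDATA + r"\Local\Temp\invoice_viewer.exe",
     "target": CHROME + r"\Web Data"},
    {"image": r"C:\Users\alice\Downloads\chrome.exe",
     "target": FIREFOX + r"\logins.json"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": FIREFOX + r"\key4.db"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

def classify(event):
    """Return None for an expected event, otherwise a short reason string."""
    if ntpath.basename(event["target"]).lower() not in CREDENTIAL_STORES:
        return None
    image = event["image"].lower()
    if ntpath.basename(image) not in EXPECTED_READERS:
        return "non-browser process opened a browser credential store"
    if not image.startswith(TRUSTED_DIRS):
        # A browser file name alone proves nothing; check where it runs from.
        return "browser-named binary running from an unexpected directory"
    return None

def find_suspicious(events):
    """Return (image, target, reason) for every event worth an alert."""
    return [(e["image"], e["target"], r) for e in events if (r := classify(e))]

if __name__ == "__main__":
    for image, target, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT: {reason}\n  process: {image}\n  file:    {target}")
```

On hosts where a password manager, backup agent or per-user browser install legitimately touches these files, the allowlist and trusted directories need to be extended before the rule is useful.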
What Happens to Data Stolen by Third Parties?
Once the malware has the autofill data in plain text, it sends it back to its owner. From there, one of two scenarios can unfold.
The owner of the malware can use the data himself or sell it to other third parties on the black market, where such data is highly valued.
If usernames and passwords are among the stored information, cyber criminals are very likely to steal several of the user's accounts and try to deceive relatives or friends in the name of the account's original owner.
If the user stores debit or credit card data in the browser, the loss can be felt immediately: for example, the perpetrator may make a number of transactions with the credit card or transfer money from the debit card to another account.