Powerful Windows malware is trying to steal your most sensitive passwords.

Called Masslogger, the malware is a Trojan horse that arrives as an email attachment: Microsoft Outlook, Thunderbird email client, NordVPN, Discord, and other email and chat services, It also attempts to steal usernames and passwords from password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge, and other browsers.

Victims whose passwords are stolen can have their email and chat accounts hijacked, as well as accounts whose passwords were stored in the browser.

As Cisco Talos researcher Vanja Svajcer detailed in a blog post yesterday (February 17), the current malware campaign primarily targets corporate accounts, but does not spare personal accounts. The malware attempts to evade detection by being "fileless," i.e., residing almost entirely in computer memory.

Without getting into the technical aspects, the infection process is a Rube Goldberg machine consisting of seven or eight steps. [The file contains JavaScript, the Windows PowerShell system management interface is opened, a fake image file is downloaded, Microsoft .NET assembly code is retained, and PowerShell allows the system NET assembly code is retained and compiled by PowerShell into runtime malware that exists only in memory.

Is this all? The only trace this attack leaves on the machine is the original email attachment, which appears harmless until the infection process is initiated. Only the best antivirus software and other defense mechanisms that examine what is going on in system memory can catch this attack.

So far, this Masslogger campaign has targeted email users in Turkey, Latvia, and Italy. Previous versions of Masslogger hit Spain, Bulgaria, Romania, Estonia, and Lithuania in the fall of 2020; it may only be a matter of time before Masslogger spreads to the wealthiest countries in Europe and spills over into North America.

To avoid infection, run the best anti-virus software program and be very careful with unsolicited email attachments, even if they are from someone you know. Before opening an attachment, save it anywhere in the file system, right-click (control-click on a Mac) on the item, and scan it with your antivirus software.

Also, instead of saving passwords in your browser, use a third-party password manager; Google and Mozilla are constantly trying to make their browser password managers more secure, but malware still often do.