Crooks Turning to RAM Scraping (and magnetic monopoles linked to software piracy)

The problem with keyloggers is you have to wait for the target to type in a username and password. Why not grab the already-stored credentials from memory?

A number of major Australian banks have been storing user credentials in web browsers’ memory in a highly insecure way. If malware gets on the system, it’s a simple matter of running a regular expression against the contents of RAM to pull down all the necessary information to siphon money out of the account.

Sure, if you compromise the user’s device enough to read out memory, there isn’t much you can do security-wise. Still, it’s never a good idea to pass up a very low-cost security measure.
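A defender-side check for the exposure described above, as an added example that is not from the original post or from O’Reilly’s tool: log in to a test build with a known canary password, dump the browser process memory, and scan the dump for that canary in the byte forms it is likely to take. The function names, the canary value and the sample dump are assumptions constructed for illustration.

```python
import io
from urllib.parse import quote

CANARY = "C4nary!pw#7731"  # constructed test password, never a real credential

# Constructed stand-in for a process memory dump: one URL-encoded copy
# (as in a form POST body) and one UTF-16LE copy of the canary.
SAMPLE_DUMP = (b"\x00" * 16 + b"user=test&pass=C4nary%21pw%237731"
               + b"\xff" * 8 + CANARY.encode("utf-16-le") + b"\x00" * 16)

def canary_patterns(canary):
    """Map each distinct byte form of the canary to a label."""
    forms = [("utf-8", canary.encode("utf-8")),
             ("utf-16le", canary.encode("utf-16-le")),
             ("urlencoded", quote(canary, safe="").encode("ascii"))]
    patterns = {}
    for name, pat in forms:
        patterns.setdefault(pat, name)  # skip forms that encode identically
    return patterns

def find_canary(stream, canary, chunk_size=1 << 20):
    """Return sorted (offset, encoding) hits for the canary in a binary stream."""
    patterns = canary_patterns(canary)
    overlap = max(len(p) for p in patterns) - 1
    hits, tail, base = set(), b"", 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        start = base - len(tail)      # file offset of buf[0]
        for pat, name in patterns.items():
            pos = buf.find(pat)
            while pos != -1:
                hits.add((start + pos, name))
                pos = buf.find(pat, pos + 1)
        base += len(chunk)
        # keep enough bytes to catch a match that straddles two chunks
        tail = buf[-overlap:] if overlap else b""
    return sorted(hits)

if __name__ == "__main__":
    for offset, enc in find_canary(io.BytesIO(SAMPLE_DUMP), CANARY):
        print(f"canary found at offset {offset} ({enc})")
```

Any hit after the login has completed means the plaintext credential is still resident in memory, which makes this usable as a regression test for a fix.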

Magnetic monopoles: One from the “I thought basic physics meant this was impossible and now you’re telling me it can be used to store more gigabytes per cubic centimeter than any technology known?” department. I’m still hunting for an English article, so run it through your robotic mistranslator of choice.

Researchers at Munich’s Technical University have not only discovered magnetic vortexes that act as magnetic monopoles (called “Skyrmions”), but they’ve figured out that the things can be used to store data at a density of one skyrmion per bit. One skyrmion, in this case, being 15 atoms large — versus the 1 million atoms per bit of current magnetic storage.

http://www.heise.de/ix/meldung/Daten-loeschen-in-Magnetwirbeln-1874356.html

http://www.scmagazine.com.au/News/345109,memory-gaffe-leaves-aussie-bank-accounts-open-to-theft.aspx

“Customers of major Australian banks are at risk of having usernames and passwords siphoned off by malware thanks to a flaw in the way credentials are stored.

The client-side flaws allowed a custom malware tool to pull passwords, account numbers and access credentials from the Commonwealth Bank, ANZ Bank, Macquarie Bank, St George Bank and Bendigo Bank.

The tool created by security researcher Jamieson O’Reilly was able to scrape the unencrypted credentials from volatile memory of popular web browsers every two hours and siphon off the data up to a day later to remote servers.

He said the memory exposure was likely already exploited by criminals.

“I created this tool to put a spotlight on what most likely is already assisting crooks to extract juicy data from browser memory,” O’Reilly told SC.

“The thing that surprises me is that this is so easily avoidable.”[…]

RAM scrapers represented seven percent of the top 20 threats according to this year’s Verizon Data Breach Investigations Report, which O’Reilly said left “a lot of room for growth and creativeness from the attackers’ side”.”
