Pirates target your password management application

Do you use 1PASSWORD, LASTPASS, NORDPASS or any other password manager? You are not alone. According to a 2023 Security.org studyabout one in three people use a Password manager To secure their connection information. Password managers facilitate connection to your applications, social media accounts and other online services.

They are also increasingly targeted by cybercriminals.

According to a new report From the Cybersecurity Company Picus Security, cyber attacks on password managers and similar services, such as identification information stored by the browser, tripled in relation to the previous year. The company detailed these results in its red 2025 report.

Researchers have found that over a million malware variants, 25% of all malware have targeted password managers or other identification information storage services.

“For the first time, the flight of password stores is in the 10 main techniques listed in the MITER ATT & CK frame,” said Pipus Security, referring to an industry framework to classify Cyberattacks.

According to Picus, cybercriminals are increasingly deploying attacks in several stages, which researchers from the company have nicknamed “Sneakthief”. Sneakthief describes a new type of malicious software attack which implies “an increase in stealth, persistence and automation”. These new malicious software attacks contain dozens of “malicious actions”, which help the pirate access and export data without being caught.

With as many online applications and platforms to manage connections for, more internelpious have adopted password storage utilities to help manage them all. But, in turn, the pirates adjusted their malicious campaigns to focus on password managers. And it makes sense. Why would a hacker put his time and efforts to steal the information to connect a target to a single service when he could steal all their connection identification information? Why steal a key to opening a single door when you can take the main key and access everything?

“The threat actors take advantage of sophisticated extraction methods, in particular the scratching of memory, register harvesting and local password stores, to obtain identification information that gives to Attackers the keys to the kingdom, “said the co-founder of Picus Security and vice-president of the Picus laboratories, Dr Suleyman Ozarslan. “It is essential that password managers are used in tandem with a multi-factory authentication and that employees never reuse password, especially for their password manager.”