Skip to main content

Password Manager Malware Tricks Users Into Revealing Their Passwords

By February 14, 2020May 9th, 2022Cybersecurity

There’s a new threat making the rounds called ‘Metamorfo’ that you should be aware of. The malware began its life as a banking trojan.

This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.

Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.

If a user receives this email and opens the ‘invoice’ he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.

Once installed, the malicious code will first check to be sure it’s not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its Autolt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.

Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the users to manually enter their passwords. When they do, the keystrokes are mapped and sent to a command and control server that the hackers control. It’s a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.

Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It’s not a perfect solution, but it will certainly minimize your risk.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.