According to research from security company AhnLab, the employee was working from home on a device shared with other household members, which was already infected with Redline Stealer, an infostealing malware.
Although the computer was equipped with antivirus software, the malware evaded detection and then stole the passwords stored in the victim’s browser.
In a bid to protect their corporate network from remote workers with infected devices, the company in question provided employees with a VPN, so that they could access their work files securely.
However, this particular employee stored the login credentials for the VPN in their browser, which was later infiltrated by the malware. Three months later, the company was breached using these credentials.
Given that Redline Stealer malware is being sold online (for roughly $150 to $200), it’s very hard to say who is behind this specific attack.
Cybersecurity experts from AhnLab have warned users to refrain from storing passwords in the browser, despite the convenience. A password manager is a much better option, they say, especially when paired with a security key or another form of multi-factor authentication.