Security attacks on password managers have soared

News
By
published

Number of attacks increases three times in just a year

A hand laying out a password
(Image credit: Getty Images / Boris Zhitkov)
  • Picus Security says the number of attacks against password managers skyrocketed in 2024
  • The malware is growing more sophisticated
  • Users should deploy MFA with password managers, research suggests

Cybercriminals are increasingly targeting password managers in an attempt to break into various important digital accounts.

Picus Security detailed its findings in the newly-released Red Report 2025, based on an in-depth analysis of more than a million malware variants collected last year, finding a quarter of all malware (25%) targeted credentials in password stores. This, the researchers claim, represents a three-fold increase compared to the year before.

“For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework,” they said. “The report reveals that these top 10 techniques accounted for 93% of all malicious actions in 2024.”

Multi-factor authentication

The attackers are using all sorts of sophisticated extraction methods in their attacks, Picus Security co-founder and VP of Picus Labs, Dr. Suleyman Ozarslan said, including memory scraping, registry harvesting, and compromising local and cloud-based password stores.

To tackle the threat, Ozarslan added, it is pivotal people use password managers together with multi-factor authentication (MFA). Furthermore, they should never reuse a password, especially for their password manager.

The attacks are not just growing in volume, but in sophistication, as well. Picus said it’s seen threat actors prioritizing “complex, prolonged, multi-stage attacks” that require a new generation of malware. That malware, infostealers included, comes with increased stealth, persistence, and even automation. The researchers likened this increasing sophistication to “the perfect heist”, since most malware samples come with “more than a dozen malicious actions designed to help attackers evade defenses, increase permissions and exfiltrate data.”

A password manager is a tool that securely stores, generates, and autofills passwords for websites and apps. It helps users create and manage strong, unique passwords without needing to remember them all. It is considered one of the key pillars of good cybersecurity hygiene.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Cartoon Phishing
Over a billion credentials stolen were stolen in malware attacks in 2024
Young woman working at a coffee shop with a laptop
Too many passwords, not enough brain space? Here’s how password managers can improve your life
password manager
I'm a security expert - here are my biggest tips for creating a secure password for work and home life to stay safe online
Hands typing on a keyboard surrounded by security icons
Infostealers on the rise: the latest concern for organizational defenses
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen
Security padlock in circuit board, digital encryption concept
MFA alone won’t protect you in 2025: the new cybersecurity imperative
Latest in Security
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
Latest in News
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
DVDs in a pile
Warner Bros is replacing some DVDs that ‘rot’ and become unwatchable – but there’s a big catch that undermines the value of physical media
A costumed Matt Murdock smiles at someone off-camera in Netflix's Daredevil TV show
Daredevil: Born Again is Disney+'s biggest series of 2025 so far, but another Marvel TV show has performed even better
More about security
Scam alert

A new SMS energy scam is using Elon Musk’s face to steal your money
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

Nation-state threats are targeting UK AI research
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging

Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
See more latest
Most Popular
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
Cowabunga, dude!
Teenage Mutant Ninja Turtles: Shredder’s Revenge, a nostalgic beat-em-up with beautiful pixel graphics, is finally coming to mobile next month
Empirical Health biomarkers
This new health protocol combines 40 smartwatch biomarkers and blood tests to give you a health score
LG C5 OLED T V with forest road and car on screen
LG reveals US pricing for the LG G5 and LG C5 OLED TVs, and it's great news for OLED fans
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
The Fluance Ri71 speaker in a wood finish, in front of a plant
Fluance's new active stereo speakers look like a dream soundbar alternative, as well as being perfect for turntables or Bluetooth music