Hackers Are Targeting Your Password Management Application

Uncategorized Mihnea


Do you utilize a password manager such as 1Password, LastPass, or NordPass? If that’s the case, you’re in good company. A [2023 survey conducted by Security.org](https://www.security.org/digital-safety/password-manager-annual-report/) indicates that approximately one in three individuals depend on a [password manager](https://www.pcmag.com/articles/more-people-than-ever-are-using-password-managers-you-should-be-too) to keep and safeguard their login details. These applications simplify the process of accessing applications, social media profiles, and various online platforms.

Nonetheless, they are increasingly becoming key targets for cybercriminals.

A [recent analysis](https://www.picussecurity.com/resource/press-release/the-rise-of-perfect-heist-attacks) from cybersecurity firm Picus Security shows that assaults on password managers and akin services, including browser-stored credentials, have surged threefold compared to the previous year. These insights are elaborated in the company’s Red Report 2025.

### An Expanding Target for Cybercriminals

Researchers examined over a million malware variations and discovered that 25% of them particularly aimed at password managers or other credential storage solutions.

“For the first time in history, stealing credentials from password repositories ranks among the top 10 techniques in the MITRE ATT&CK Framework,” Picus Security declared, citing an industry-standard classification system for cyberattacks.

Per Picus, cybercriminals are progressively employing multi-stage attacks, termed “SneakThief” by the firm. This innovative malware strategy prioritizes stealth, persistence, and automation. These operations entail a multitude of malicious actions crafted to assist hackers in infiltrating sensitive data and exfiltrating it without being noticed.

### Reasons Password Managers Are a Key Target

As an increasing number of users turn to password managers for managing their expanding array of online accounts, hackers have adjusted their tactics to concentrate on these tools. Instead of solely pilfering login credentials for individual services, cybercriminals now seek to compromise password managers, thereby providing them access to numerous accounts simultaneously.

“Threat actors are employing sophisticated extraction methods, such as memory scraping, registry harvesting, and compromising both local and cloud-based password repositories,” stated Dr. Suleyman Ozarslan, co-founder and VP of Picus Labs. “This provides attackers with the keys to the kingdom.”

To bolster security, experts suggest pairing password managers with multi-factor authentication (MFA) and ensuring that passwords—especially those for the password manager itself—are never reused.