The Web browser has become an ubiquitous hub for both work and play, often storing our most confidential information, including banking and other personal data than any other programs.
While most browsers offer to save your login details or personal data: which may include bank card details for online stores, and billing address, which convenience is to help you autofill such requirements on any website than filling out the forms all over again, so as to worry less about forgotten passwords or not having your card information beforehand.
But, with the convenience of the autofill data, cybercriminals can now scoop up data from your computer by getting it infected by a stealer malware — which is crafted to steal information from browsers.
According to Kaspersky Lab, browsers based on the Chromium engine (such as Chrome, Opera and Yandex.Browser) store user data in same place, making it easy for the stealer malware to find the stored data, albeit the data are stored in encrypted form, but as the malware already have access to the system, it acts as the request is coming from the computer users.
So the malware puts in a request to the browser’s data encryption tool to decrypt the information stored on the computer, which requests are seemingly from the user and considered safe by default, the stealer in turn will now get all the passwords and credit card details saved on the browser.
However, Firefox browser appears to function a bit differently, given that it hides the password databases from strangers, and creates a random profile name for it, so that the malware cannot decode where to look out for the stored information. Though, the file name with the saved data doesn't change, there is no protection to stop the stealer from sifting through all the profiles and identifying the required file, as the folders containing the data are stored in one place.
As for the precise method and type of storage for Microsoft Internet Explorer and Edge depends on the application version, but still the reliability also leaves much on the table. Again the malware can easily retrieve passwords and banking card details direct from storage, by requesting it seemingly on behalf of the computer user.
Afterwards, the malware will simply request the relevant browser to decrypt the files, and it usually succeeds, as the decryption of data request appears to come from the user, because it is supposedly acting on behalf of the users and the malware now sends the data back to the cybercriminals.
It is therefore recommended for security reasons that users do not entrust their important information like banking card details to browsers for storage, rather them should manually enter it each time there is need — even though it may take longer time, but this is safer. Otherwise, you can also make use of a trusted password manager.