Passwords are commonly used to authenticate accounts. When accessing a private network or a protected database, you’ll typically have to log in by entering your username and password. Even if the network or database is secure, though, your device may be compromised. Computers and other devices can become infected with malware. Depending on the type of malware, it may steal your passwords. How does malware steal passwords exactly?


Malware can steal your passwords by logging your keystrokes. Known as keylogging malware — or simply keyloggers — it’s one of the most common types of malware. Keylogging malware embeds itself on your device where it records or logs your keystrokes. As you enter a password into a login field, it will capture your keystrokes. The keylogging malware will then send this information back to the hacker, thus exposing your password.

Keylogging malware is designed to run silently in the background of your device. It won’t trigger any pop-ups, nor will it exhibit other signs of a malware infection. While running, though, keylogging malware will steal your passwords.

Autofill Capture

When logging in to accounts through a web browser, you should be conscious of autofill capture malware. Most web browsers have an autofill feature. You can elect to save your passwords so that the web browser will remember them. When saved, the web browser will encrypt and store your passwords locally.

The problem with autofill is that hackers can still access your saved passwords. Your passwords will be encrypted if you elect to save them to your web browser. But if your device is compromised with malware, it may be able to read and steal your stored passwords. A report published by Kaspersky reveals that autofill capture malware is on the rise.

Brute Force

Another way malware can steal your passwords is by conducting a brute-force attack. Statistics show that brute-force attacks are responsible for about one in 20 data breaches. Brute-force attacks can be performed either manually or automatically. Manual brute-force attacks involve a hacker randomly entering username and password combinations. Automated brute-force attacks, on the other hand, involve the use of malware to spam username and password combinations.

Depending on the strength of your passwords, malware may be able to capture them by conducting an automated brute-force attack. If you use short or otherwise weak passwords, it will have an easier time guessing them. You need to choose strong passwords while also using anti-malware software to safeguard your passwords from these attacks.
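
On the defending side, automated brute-force attempts like those described above stand out because they produce many failed logins from one source in a short time. The Python code below is an added example, not part of the original article; the log format, the threshold of five failures and the 60-second window are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: timestamp, source address, username, outcome.
# The format is an assumption for this example, not a real product's log.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice FAIL
2024-05-01T10:00:02 198.51.100.7 alice FAIL
2024-05-01T10:00:04 198.51.100.7 bob FAIL
2024-05-01T10:00:05 203.0.113.9 carol FAIL
2024-05-01T10:00:06 198.51.100.7 bob FAIL
2024-05-01T10:00:08 198.51.100.7 admin FAIL
2024-05-01T10:00:10 198.51.100.7 admin FAIL
2024-05-01T10:04:30 203.0.113.9 carol FAIL
2024-05-01T10:09:00 203.0.113.9 carol OK
"""


def parse_line(line):
    """Split one log line into (timestamp, source, username, outcome)."""
    ts, source, user, outcome = line.split()
    return datetime.fromisoformat(ts), source, user, outcome


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source: peak failure count} for every source that reaches
    `threshold` failed logins inside any `window_seconds` span.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)  # source -> failure timestamps still in window
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, source, _user, outcome = parse_line(line)
        if outcome != "FAIL":
            continue  # successful logins do not count toward the threshold
        failures = recent[source]
        failures.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - failures[0]).total_seconds() > window_seconds:
            failures.popleft()
        if len(failures) >= threshold:
            flagged[source] = max(flagged.get(source, 0), len(failures))
    return flagged


if __name__ == "__main__":
    for source, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{source}: {count} failed logins within 60 seconds")
```

In the sample, the source that fails six times in ten seconds is flagged, while the user who mistypes a password twice several minutes apart is not.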