
Hackers have a new favorite target: Password managers

Cyberattacks on password managers were three times more common in 2024 than in previous years.


Password managers have long been considered one of the most effective tools for securing digital credentials. They offer features like secure password storage, automated password generation, and seamless login retrieval. 

Popular services like 1Password, LastPass, and NordPass are widely used to help individuals and organizations manage their online credentials efficiently. 

However, cybersecurity experts are increasingly concerned that cybercriminals are explicitly targeting these platforms, in increasingly complex ways, to gain unauthorized access to sensitive information.

Hackers are using password managers to access your data

A recent study by cybersecurity firm Picus Security has highlighted a troubling trend: cyberattacks on password managers were three times more likely in 2024 compared to the previous year. 

Their research, published in the Red Report 2025 (via Digital Trends), analyzed one million malware variants.

They found that 25 percent targeted password managers or other password storage methods, such as web browsers, that save login credentials. 

This indicates a sharp rise in cybercriminal interest in breaching password management systems.

One of the most alarming findings from the report is that stealing credentials from password stores has entered the top 10 techniques in the MITRE ATT&CK Framework for the first time. 

Picus Security revealed that these top 10 cyberattack techniques were responsible for 93 percent of all malicious actions in 2024. This demonstrates that credential theft has become a primary objective for many cybercriminals.

Picus Security has identified a sophisticated, multi-stage cyberattack method called “SneakThief.” 

This technique is characterized by heightened stealth, persistence, and automation. It allows attackers to perform over a dozen malicious actions to extract data without being detected. 

The method involves advanced techniques such as memory scraping, registry harvesting, and compromising local and cloud-based password storage systems.

Due to its effectiveness, Picus refers to this approach as “the perfect heist.”

Enabling multi-factor authentication (MFA) and avoiding password reuse are strongly recommended, particularly when storing credentials in a password manager.

Interestingly, despite artificial intelligence playing a growing role in cybersecurity, the Red Report found no significant rise in cybercriminals utilizing AI-driven malware in 2024. 

However, as cyber threats evolve, cybersecurity experts stress the need for vigilance and proactive security measures to protect digital credentials.


Ronil is a Computer Engineer by education and a consumer technology writer by choice. Over the course of his professional career, his work has appeared in reputable publications like MakeUseOf, TechJunkie, GreenBot, and many more. When not working, you’ll find him at the gym breaking a new PR.
