Attackers have started using the Citadel Trojan program to steal master passwords for password management applications and other authentication programs.

The Citadel malware has typically been used to steal online banking credentials and other financial information by modifying banking sites on the fly when opened by users in their local browsers. The technique is known as a man-in-the-browser attack.

However, earlier this year, security researchers from Trusteer, a subsidiary of IBM, reported that Citadel also was being used in targeted attacks against petrochemical companies.

To read this article in full or to leave a comment, please click here