Malware
Credential Stealer
Also known as: Password stealer, Credential dumper
Definition
Malware built specifically to extract passwords, password hashes, and authentication tokens (such as Kerberos tickets or session cookies) from an infected system's disk, configuration stores, or process memory, typically so the attacker can replay them against other systems.
Examples
- Mimikatz reading NTLM hashes out of LSASS process memory (e.g. sekurlsa::logonpasswords).
- LaZagne pulling stored passwords from browsers, Wi-Fi profiles, and applications.
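The LSASS access in the first example is what most detection engineering for credential stealers keys on: a process that opens lsass.exe with a handle carrying PROCESS_VM_READ. The following added example, which is not part of this glossary page or of any tool it names, runs that check over Sysmon Event ID 10 (ProcessAccess) records. The field names are Sysmon's, but the one-line "Field: value ;; Field: value" rendering, the sample records, the hex values and the allowlisted agent path are all constructed assumptions.

```python
"""Flag suspicious handle opens on lsass.exe in Sysmon Event ID 10 records.

Added example for this glossary entry, not code from any project named on the
page. Field names match Sysmon's EventData; the one-line record format, the
sample records and the ALLOWLIST path are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

# Process access rights from winnt.h. Reading credential material out of
# lsass.exe requires PROCESS_VM_READ on the handle; Mimikatz commonly shows
# GrantedAccess 0x1010 or 0x1410, memory dumpers often 0x1FFFFF.
PROCESS_VM_READ = 0x0010
PROCESS_ALL_ACCESS = 0x1FFFFF

# Assumed allowlist of source images that legitimately read LSASS (security
# agents). Match on the full lowercase path, never on the file name alone.
ALLOWLIST = {
    r"c:\program files\edr\agent.exe",  # hypothetical EDR agent path
}


@dataclass
class Finding:
    utc_time: str
    source_image: str
    granted_access: int
    severity: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'Field: value ;; Field: value' record into a dict."""
    fields = {}
    for part in line.split(" ;; "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def assess(event: dict) -> Optional[Finding]:
    """Return a Finding if the record is a suspicious handle open on lsass.exe."""
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return None
    source = event.get("SourceImage", "").lower()
    if source in ALLOWLIST:
        return None
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    if not granted & PROCESS_VM_READ:
        # Query-only handles (0x1000, 0x1400) are opened constantly by svchost,
        # Task Manager and similar; without VM_READ nothing can be dumped.
        return None
    call_trace = event.get("CallTrace", "")
    if "UNKNOWN" in call_trace:
        # Sysmon prints UNKNOWN for a return address outside any loaded module:
        # code running from unbacked memory, typical of injected or reflectively
        # loaded tooling.
        severity, reason = "high", "VM_READ on lsass.exe from unbacked code"
    elif granted == PROCESS_ALL_ACCESS:
        severity, reason = "high", "PROCESS_ALL_ACCESS handle to lsass.exe"
    else:
        severity, reason = "medium", "VM_READ handle to lsass.exe from unlisted process"
    return Finding(event.get("UtcTime", ""), source, granted, severity, reason)


def scan(lines: List[str]) -> List[Finding]:
    """Run assess() over raw records, skipping blank lines."""
    findings = []
    for line in lines:
        if line.strip():
            finding = assess(parse_event(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample records (not real telemetry); offsets and addresses are made up.
SAMPLE_LOG = [
    r"UtcTime: 2024-05-01 12:00:01.001 ;; SourceImage: C:\Windows\System32\svchost.exe ;; TargetImage: C:\Windows\System32\lsass.exe ;; GrantedAccess: 0x1000 ;; CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Windows\System32\svchost.exe+1a2b",
    r"UtcTime: 2024-05-01 12:00:02.002 ;; SourceImage: C:\Program Files\EDR\agent.exe ;; TargetImage: C:\Windows\System32\lsass.exe ;; GrantedAccess: 0x1010 ;; CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Program Files\EDR\agent.exe+4c10",
    r"UtcTime: 2024-05-01 12:00:03.003 ;; SourceImage: C:\Users\alice\Downloads\mk.exe ;; TargetImage: C:\Windows\System32\lsass.exe ;; GrantedAccess: 0x1010 ;; CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Windows\System32\KERNELBASE.dll+2bd3e|C:\Users\alice\Downloads\mk.exe+7f3a2",
    r"UtcTime: 2024-05-01 12:00:04.004 ;; SourceImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ;; TargetImage: C:\Windows\System32\lsass.exe ;; GrantedAccess: 0x1FFFFF ;; CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9d3e4|UNKNOWN(000001E4A3B20F10)",
    r"UtcTime: 2024-05-01 12:00:05.005 ;; SourceImage: C:\Windows\explorer.exe ;; TargetImage: C:\Windows\System32\notepad.exe ;; GrantedAccess: 0x1FFFFF ;; CallTrace: C:\Windows\SYSTEM32\ntdll.dll+9d3e4",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.utc_time} {f.source_image} 0x{f.granted_access:X}: {f.reason}")
```

Of the five constructed records only the unlisted mk.exe open (medium) and the PowerShell open from unbacked memory (high) are reported; the query-only svchost handle, the allowlisted agent, and the non-LSASS target are dropped. In production the allowlist is the part that needs the most care: matching on a bare image name lets an attacker simply rename their binary.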
Related terms
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
Keylogger
Software or hardware that records the keystrokes a user types, used to steal passwords, financial data, or messages.
Credential Stuffing
An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
Kerberos
A ticket-based network authentication protocol that uses symmetric cryptography and a trusted Key Distribution Center to enable secure single sign-on across services.
NTLM Authentication
A legacy Windows challenge-response authentication protocol in which the client proves knowledge of the user's NT password hash rather than the password itself, so a hash stolen from LSASS can be replayed directly (pass-the-hash); it is considered weak by modern standards.
Privileged Access Management (PAM)
A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges.