For user convenience, web browsers store the account and password entered into the login form when the user visits a website and provide the feature to enter them automatically upon revisiting. The password management feature is enabled by default on Chromium-based web browsers (Edge, Chrome).

Figure. Chrome pop-up suggesting to save password
The information entered when logging in is saved to the Login Data file via the password management feature.

Chrome C:\Users\<User name>\AppData\Local\Google\Chrome\User Data\Default\Login Data
Edge C:\Users\<User name>\AppData\Local\MicrosoftEdge\User\Default\Login Data

Login Data is an SQLite database file, and the account and password information are saved to the logins table. In addition to accounts and passwords, the time saved, URL of the login site, and the number of times of access is saved to the logins table.

If the user refuses to save account and password information of a site, in order to remember this, the blacklisted_by_user field will be set as 1, the username_value and password_value fields will not have accounts or passwords, and only the origin_url information is saved to the logins table. //

– Collecting and stealing information saved to browsers
– Login account and password
– Cookies
– Autofill
– Credit card information
– Browsers targeted for attack
– All Chromium-based browsers
– All Gecko-based browsers
– Cryptocurrency wallet information
– Seed file saved to the system