[jmull]

> "First of all, malware provides a level of access that makes hacking LastPass accounts unnecessary. If it can intercept or extract the LastPass master password, it can do the same for all other passwords as well."

That logic doesn't really make sense. Malware might make hacking LastPass accounts unnecessary, but it would still be highly desirable (one target gives you everything else).

Frankly, it feels like OP decided on the conclusion before any analysis was done.

[ViViDboarder]

The additional justification there seems to ring true to me at least. If you had machine access, why not download the database from the “trusted” (compromised) machine? Why not extract the plain text passwords when they unlock their vault? How would it impact users who hadn’t logged into their accounts in years?

Malware doesn’t seem to fit to me.

[jmull]

Consider if you have key logger logs you’d like to profit from. What do you look for? Login credentials is a good idea… which login credentials should you target? Password manager credentials seem like a good idea, since that gives you full login details for anything else else you might want.

[gruez]

But if that were true you'd expect a bunch of other account compromises?

[smorgusofborg]

If it is a group accumulating passwords via extensions it would make a lot of sense to me if they planned to sell them like credit card data on bulletin boards.

I don't think individual financial accounts would sell that well without really knowing if you have the necessary associated email accounts, etc to delay detection of a fraud.

I also don't think such groups are necessarily sophisticated enough not to have someone slip up at stage 2 of their plan, give away a few accounts to boast, etc, etc.