Auditcred is a type of malware that aims to steal login credentials from compromised machines. It functions by installing a loader DLL as a service, using different names such as AuditCred and ROptimizer on different devices. Once installed, the malware can be remotely controlled by attackers who use it to collect usernames and passwords.
The first known case of auditcred being used was in November 2020 when researchers discovered the malware targeting organizations in Europe and North America. The attackers behind the campaign employed a phishing email containing a malicious attachment, which when opened, installed the malware onto the victim's machine.
Since its discovery, the malware has continued to be a significant threat, with several variants emerging that use new techniques to evade detection. To protect against auditcred, users are advised to keep their software up to date and practice safe browsing habits. Additionally, security professionals recommend deploying advanced endpoint protection solutions capable of detecting and blocking new and unknown threats.