It may be convenient, but saving passwords and other sensitive information in your browser is not a good idea, security experts warn.

Earlier this week, multiple security vendors learned of the resurgence of the dangerous Emotet botnet, after it was taken down in 2021 in a global operation involving multiple countries led by Europol and the US. Proofpoint’s analysis of the new Emotet variant revealed that it contains a new module designed to extract credit card information stored in the victim’s web browser.

“To our surprise, [the new Emotet botnet] was a credit card thief that only targeted the Chrome browser,” Proofpoint tweeted. “Once card details were collected, they were exfiltrated to [attack servers controlled by cybercriminals].”

Charles Everette, Director of Cyber Advocacy at Deep Instinct, told Lifewire via email that Emotet, one of the most prevalent malware variants since 2014, now has several new tricks and attack vectors.