Jaysu
Banned
- Joined
- 21.09.20
- Messages
- 122
- Reaction score
- 837
- Points
- 63
Malicious updates were distributed in the period from 20 to 22 April this year.
Unknown attackers compromised the Passwordstate corporate password manager update mechanism and used it to install malware on users ' systems.
The developer of Passwordstate, Click Studios, has already sent out emails to its customers notifying them of the incident. According to the Click Studios website, the list of its clients includes 29 thousand companies around the world, including government organizations, as well as firms in the defense, financial, aerospace and other fields.
According to the notification, malicious updates were distributed between April 20 and 22. As the investigation showed, the attackers compromised the In-Place Upgrade function and used it to send a malicious update, which is a zip archive " Passwordstate_upgrade.zip " containing a malicious DLL “moserware.secretsplitter.dll”. After installation, the malware, called Moserware, contacted the management server to request new commands and additional payload.
At the moment, it is unclear what additional malicious modules were loaded on the compromised systems and what actions the attackers performed, since they disabled their management server immediately after the hack was detected.
Click Studios has already released a hotfix that eliminates malware. Experts recommend that Passwordstate users reset all passwords stored in the manager as soon as possible, especially for VPNs, firewalls, switches, servers, and local accounts.
Unknown attackers compromised the Passwordstate corporate password manager update mechanism and used it to install malware on users ' systems.
The developer of Passwordstate, Click Studios, has already sent out emails to its customers notifying them of the incident. According to the Click Studios website, the list of its clients includes 29 thousand companies around the world, including government organizations, as well as firms in the defense, financial, aerospace and other fields.
According to the notification, malicious updates were distributed between April 20 and 22. As the investigation showed, the attackers compromised the In-Place Upgrade function and used it to send a malicious update, which is a zip archive " Passwordstate_upgrade.zip " containing a malicious DLL “moserware.secretsplitter.dll”. After installation, the malware, called Moserware, contacted the management server to request new commands and additional payload.
At the moment, it is unclear what additional malicious modules were loaded on the compromised systems and what actions the attackers performed, since they disabled their management server immediately after the hack was detected.
Click Studios has already released a hotfix that eliminates malware. Experts recommend that Passwordstate users reset all passwords stored in the manager as soon as possible, especially for VPNs, firewalls, switches, servers, and local accounts.