Click Studios, the developer behind enterprise password manager Passwordstate, has warned customers of ongoing phishing attacks designed to distribute an updated version of the Moserware malware.
Last week, the Australian software firm disclosed a supply chain attack in which a threat actor abused Passwordstate’s In-Place Upgrade functionality to deploy malware called ‘Moserware’ on users’ computers.
Now the company says that a malicious actor is targeting its customers with phishing emails disguised as legitimate email messages from Click Studios.
“Unfortunately, some customers have posted copies of this email on social media. It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content,” Click Studios said.
“The phishing attack is requesting customers to download a modified hotfix Moserware.zip file, from a CDN Network not controlled by Click Studios, that now appears to have been taken down. Initial analysis indicates this has a newly modified version of the malformed Moserware.SecretSplitter.dll, that on loading then attempts to use an alternate site to obtain the payload file. We are still analysing this payload file.”
The company is urging users to stay vigilant and to verify the validity of any email they receive.