Passwordstate warns of ongoing phishing attacks after a supply-chain attack

Passwordstate warns of ongoing phishing attacks after a supply-chain attack

Click Studios, the developer behind enterprise password manager Passwordstate, has warned customers of ongoing phishing attacks designed to distribute an updated version of the Moserware malware.

Last week, the Australian software firm disclosed a supply chain attack in which a threat actor abused Passwordstate’s In-Place Upgrade functionality and used it to deploy malware called ‘Moserware’ on user computers.

Now the company says that a malicious actor is targeting its customers with phishing emails disguised as legitimate email messages from Click Studios.

“Unfortunately, some customers have posted copies of this email on social media. It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content,” Click Studios said.

“The phishing attack is requesting customers to download a modified hotfix Moserware.zip file, from a CDN Network not controlled by Click Studios, that now appears to have been taken down. Initial analysis indicates this has a newly modified version of the malformed Moserware.SecretSplitter.dll, that on loading then attempts to use an alternate site to obtain the payload file. We are still analysing this payload file.”

The company is urging users to stay vigilant and ensure the validity of any email sent to them.

Back to the list

Latest Posts

US agencies warn of rising cyber threats from Iran-linked hackers

US agencies warn of rising cyber threats from Iran-linked hackers

Recent months have seen a notable uptick in activity from Iranian-linked hacktivists and government-affiliated threat groups.
1 July 2025
Google rolls out urgent Chrome security patch for active zero-day

Google rolls out urgent Chrome security patch for active zero-day

The flaw, tracked as CVE-2025-6554, is described as a type confusion bug in Chrome's V8 JavaScript and WebAssembly engine.
1 July 2025
Canada bans Chinese surveillance firm Hikvision over national security concerns

Canada bans Chinese surveillance firm Hikvision over national security concerns

From now on, all federal departments, agencies, and Crown corporations are prohibited from purchasing Hikvision products.
1 July 2025