30 April 2021

Passwordstate warns of ongoing phishing attacks after a supply-chain attack



Click Studios, the developer behind enterprise password manager Passwordstate, has warned customers of ongoing phishing attacks designed to distribute an updated version of the Moserware malware.

Last week, the Australian software firm disclosed a supply chain attack in which a threat actor abused Passwordstate’s In-Place Upgrade functionality and used it to deploy malware called ‘Moserware’ on user computers.

Now the company says that a malicious actor is targeting its customers with phishing emails disguised as legitimate email messages from Click Studios.

“Unfortunately, some customers have posted copies of this email on social media. It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content,” Click Studios said.

“The phishing attack is requesting customers to download a modified hotfix Moserware.zip file, from a CDN Network not controlled by Click Studios, that now appears to have been taken down. Initial analysis indicates this has a newly modified version of the malformed Moserware.SecretSplitter.dll, that on loading then attempts to use an alternate site to obtain the payload file. We are still analysing this payload file.”

The company is urging users to stay vigilant and ensure the validity of any email sent to them.
