30 April 2021

Passwordstate warns of ongoing phishing attacks after a supply-chain attack



Click Studios, the developer behind enterprise password manager Passwordstate, has warned customers of ongoing phishing attacks designed to distribute an updated version of the Moserware malware.

Last week, the Australian software firm disclosed a supply chain attack in which a threat actor abused Passwordstate’s In-Place Upgrade functionality and used it to deploy malware called ‘Moserware’ on user computers.

Now the company says that a malicious actor is targeting its customers with phishing emails disguised as legitimate email messages from Click Studios.

“Unfortunately, some customers have posted copies of this email on social media. It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content,” Click Studios said.

“The phishing attack is requesting customers to download a modified hotfix Moserware.zip file, from a CDN Network not controlled by Click Studios, that now appears to have been taken down. Initial analysis indicates this has a newly modified version of the malformed Moserware.SecretSplitter.dll, that on loading then attempts to use an alternate site to obtain the payload file. We are still analysing this payload file.”

The company is urging users to stay vigilant and ensure the validity of any email sent to them.
