Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Password manager Passwordstate hacked to deploy malware on customer systems

Password manager Passwordstate hacked to deploy malware on customer systems

A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users' devices, most of which are enterprise customers.

A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users’ devices, most of which are enterprise customers.

Click Studios, the Australian software firm behind Passwordstate, has notified its 29,000 customers earlier today via email.

According to a copy of the company’s communications, obtained by Polish tech news site Niebezpiecznik, the malware-laced update was live for 28 hours between April 20, 20:33 UTC and April 22, 00:30 UTC.


Danish security firm CSIS, which dealt with the aftermath of this supply chain attack, published today an analysis of the attacker’s malware. The security firm said the threat actor forced the Passwordstate apps to download an additional ZIP file named “Passwordstate_upgrade.zip” that contained a DLL file named “moserware.secretsplitter.dll.” After installation, this DLL file would ping a remote command and control server, from where it would request new commands and retrieve additional payloads.

While initially it was unknown what attackers collected from infected systems, in two updates [PDF, PDF] published after this article went live, Click Studios said the malware collected the following information and sent it back to its command and control server:

Computer Name, User Name, Domain Name, Current Process Name, Current Process Id, All running Processes name and ID, All running services name, Display name and status, Passwordstate instance’s Proxy Server Address, Username and Password

In other words, the password store was taken. According to the Australian company, the following information is typically included in the password table:

Title, UserName, Description, GenericField1, GenericField2, GenericField3, Notes, URL, Password

Although the company said “there is no evidence of encryption keys or database connection strings” were taken, Juan Andres Guerrero-Saade, Principal Threat Researcher at SentinelOne, pointed out on Twitter, that there are tools currently available that can decrypt the Passwordstate vaults and recover cleartext passwords.

Click Studios released a hotfix package [ZIP] that would help customers remove the attacker’s malware, which the company named Moserware. [instructions are in the image above]

Click Studios said the hack took place after a threat actor compromised the “In-Place Upgrade functionality” of a CDN network not controlled by Click Studios. Only the company’s Windows client appears to have been modified to add malware in the attack.

29,000 companies now have to rotate passwords


In the aftermath of this security breach, the Australian firm has told customers to change all the passwords they stored inside compromised Passwordstate password managers as soon as possible.

Since this is a password manager is sold primarily in bulk to enterprises, to whom it is advertised as an on-premises system, changing passwords won’t involve just email and website accounts, but also passwords for internal gear such as firewalls, VPNs, switches, routers, network gateways, and others, which many employees would most likely have saved inside the app thinking it was a secure local storage system.

“This is a real annoying breach,” William Thomas, a malware analyst at UK security firm Cyjax, told The Record. “Imagine having to change all your passwords for each device on the network, on a Friday.”

Several network administrators have told The Record on Friday that they had to work over the weekend to change the passwords of all their IT inventory as a result of the breach. Many companies also intend to activate incident response plans to check logs for unauthorized access as a result of this incident as well, resulting in many overtime hours for their already swamped security personnel.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Satirical Sketch Sparks Political Spouse Feud in South Korea
Indonesia Quarry Collapse Leaves Multiple Dead and Missing
South Korean Election Video Pulled Amid Misogyny Outcry
Asian Economies Shift Away from US Dollar Amid Trade Tensions
Netflix Investigates Allegations of On-Set Mistreatment in K-Drama Production
US Defence Chief Reaffirms Strong Ties with Singapore Amid Regional Tensions
Vietnam Faces Strategic Dilemma Over China's Mekong River Projects
Malaysia's First AI Preacher Sparks Debate on Islamic Principles
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
Russia's Fossil Fuel Revenues Approach €900 Billion Since Ukraine Invasion
Alcohol Industry Faces Increased Scrutiny Amid Health Concerns
U.S. Goods Imports Plunge Nearly 20% Amid Tariff Disruptions
Italy Faces Population Decline Amid Youth Emigration
Trump Accuses China of Violating Trade Agreement
OpenAI Faces Competition from Cheaper AI Rivals
Foreign Tax Provision in U.S. Budget Bill Alarms Investors
Russia Accuses Serbia of Supplying Arms to Ukraine
Gerry Adams Wins Libel Case Against BBC
EU Central Bank Pushes to Replace US Dollar with Euro as World’s Main Currency
U.S. Health Secretary Ends Select COVID-19 Vaccine Recommendations
Trump Warns Putin Is 'Playing with Fire' Amid Escalating Ukraine Conflict
India and Pakistan Engage Trump-Linked Lobbyists to Influence U.S. Policy
U.S. Halts New Student Visa Interviews Amid Enhanced Security Measures
Trump Administration Cancels $100 Million in Federal Contracts with Harvard
SpaceX Starship Test Flight Ends in Failure, Mars Mission Timeline Uncertain
King Charles Affirms Canadian Sovereignty Amid U.S. Statehood Pressure
EU Majority Demands Hungary Reverse Anti-LGBTQ+ Laws
Top Hotel Picks for 2025 Stays in Budapest Revealed
Iron Maiden Unveils 2025 Tour Setlist in Budapest
Chinese Film Week Opens in Budapest to Promote Cultural Exchange
Budapest Airport Launches Direct Flights to Shymkent
Von der Leyen Denies Urging EU Officials to Skip Budapest Pride
Alcaraz and Sinner Advance with Convincing Wins at Roland Garros
EU Ministers Lack Consensus on Sanctioning Hungary Over Rule of Law
EU Nations Urge Action Against Hungary's Pride Parade Ban
Putin's Helicopter Reportedly Targeted by Ukrainian Drones
U.S. Considers Withdrawing Troops from Europe
Russia Deploys Motorbike Squads in Ukraine Conflict
Critics Accuse European Court of Human Rights of Overreach
Spain Proposes 100% Tax on Non-EU Holiday Home Purchases
German Intelligence Labels AfD as Far-Right Extremist
Geert Wilders Threatens Dutch Coalition Over Migration Policy
Hungary Faces Multiple Challenges Amid EU Tensions and Political Shifts
Denmark Increases Retirement Age to 70, Setting a European Precedent
Any trade deal with US must be based on respect not threats', says EU commissioner
UK Leads in Remote Work Adoption, Averaging 1.8 Days a Week
Thirteen Killed in Russian Attacks Across Ukraine
High-Profile Incidents and Political Developments Dominate Global News
Netanyahu Accuses Western Leaders of 'Emboldening Hamas'
Ukraine and Russia Conduct Largest Prisoner Exchange of the War
×