Passwordstate, an enterprise password manager, allegedly had its software update malformed by a threat actor in order to infect the thousands of companies that use it. The maker of Passwordstate, Click Studios, informed its customers that hackers had compromised Passwordstate's update mechanism and used it to push an update containing malware to customers.
Passwordstate's Infectious Update
Supply chain attacks are among the most reliable and most complex attacks in the cybersecurity space. They involve targeting one element of an ecosystem (such as an internal employee or a vendor's build and update pipeline), compromising its credentials, gaining access to the whole network, and ultimately impacting that organisation's clients.
They are hard to detect and can cause extreme damage, since the attacker is usually well rooted in the network before anyone realises it. One such attack was reported by Click Studios, where the update mechanism of its widely used Passwordstate product was compromised to carry out a supply chain attack.
The PasswordState password manager has been hacked and customers' computers infected.
The vendor is informing victims by e-mail.
This password manager is an "enterprise" product, so the problem will mainly affect companies… Ouch!
(Tip from Tajemniczy Pedro) pic.twitter.com/PGHhmEKpje
— Niebezpiecznik (@niebezpiecznik) April 23, 2021
Passwordstate is a web-based enterprise password management solution used by teams within a workplace. Authorised users can share sensitive password resources among themselves, and administrators can set access levels for all users. According to Click Studios, Passwordstate is used by over 370,000 professionals in 29,000 companies.
Yesterday, Click Studios sent alert emails to its customers with the subject line "Confirmation of Malformed Files and Essential Course of Action." In the email, Click Studios said that any update received and installed by Passwordstate customers between "20th April 8:33 PM UTC and 22nd April 0:30 AM UTC had the potential to download a malformed Passwordstate_ipgrade.zip."
The attackers added a loader to the update, which was pushed out during the roughly two-day window in which the update mechanism was compromised. The loader is able to fetch a second-stage payload, named Moserware, which collects system information and Passwordstate data and sends it to the attackers' C2 server.
Click Studios has advised users to reset all passwords stored in their Passwordstate database and to install a hotfix that removes the malware delivered by the infected update. It has also released indicators of compromise so that customers can detect whether they were affected.
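The attack above works because the client trusts whatever the update channel delivers. The following added example (not code from the article or from Click Studios) shows the defensive check a customer can run before installing an update zip: compare every file in the archive against a pinned manifest of known-good SHA-256 hashes and report anything added, modified or missing. The archive contents and file names are constructed placeholders, not the real Passwordstate update layout.

```python
import hashlib
import io
import zipfile

def build_manifest(zip_bytes: bytes) -> dict:
    """Return {entry name: sha256 hex} for every file inside a zip archive."""
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            manifest[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return manifest

def audit_update(zip_bytes: bytes, manifest: dict) -> dict:
    """Compare an update archive against a pinned manifest of expected hashes.

    Returns entries that were added (not in the manifest), modified (hash
    mismatch) or missing (in the manifest but absent). All three lists empty
    means the archive matches the known-good manifest exactly.
    """
    actual = build_manifest(zip_bytes)
    return {
        "added": sorted(set(actual) - set(manifest)),
        "modified": sorted(n for n in manifest if n in actual and actual[n] != manifest[n]),
        "missing": sorted(set(manifest) - set(actual)),
    }

def make_zip(files: dict) -> bytes:
    """Build an in-memory zip from {name: content bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: a clean archive, and a tampered copy in which one existing
# file was altered and one extra binary (a loader) was dropped in. Placeholder names.
CLEAN_FILES = {
    "upgrade/Passwordstate.dll": b"clean application code",
    "upgrade/upgrade.sql": b"-- schema changes",
}
TAMPERED_FILES = dict(CLEAN_FILES)
TAMPERED_FILES["upgrade/Passwordstate.dll"] = b"clean application code + injected stub"
TAMPERED_FILES["upgrade/loader.dll"] = b"unexpected extra binary"

# In practice the manifest comes from the vendor (ideally signed); here it is
# derived from the constructed clean archive so the example runs offline.
PINNED_MANIFEST = build_manifest(make_zip(CLEAN_FILES))

def findings_for_tampered() -> dict:
    """Audit the tampered archive; returns the added/modified/missing entries."""
    return audit_update(make_zip(TAMPERED_FILES), PINNED_MANIFEST)

if __name__ == "__main__":
    print(findings_for_tampered())
```

Any non-empty finding is grounds to quarantine the archive and compare it with the vendor's published hashes rather than install it.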