A software update to Click Studios' Passwordstate password manager contained malware.
In an attack reminiscent of that of IT management and remote monitoring software firm SolarWinds, a malicious update to the Click Studios password-manager platform Passwordstate dropped malware onto its software systems this month.
Click Studios is warning customers to change all stored passwords for their accounts, including VPNs, firewalls, switches, local accounts, and servers.
The attack was revealed today by researchers at the CSIS Security Group, which also published indicators of compromise for the attack — which they have dubbed Moserpass. According to CSIS, the breach occurred between April 20 and April 22, using a malicious update via a zip file named Passwordstate_upgrade.zip that included a malicious DLL, moserware.secretsplitter.dll. Click Studios said the command-and-control for the attack was shut down on April 22.
Click Studios has some 29,000 enterprise and government customers worldwide, across aerospace, banking, defense, healthcare, utilities, and other industry sectors.
Read the CSIS findings here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024