Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Passwordstate Users Told to Reset All Passwords Following Cyberattack

Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software’s In-Place Upgrade functionality.

Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software’s In-Place Upgrade functionality.

The functionality, the company says, served a poisoned update after a threat actor managed to compromise the upgrade director on the clickstudios.com.au website. The breach was closed after roughly 28 hours.

“Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested,” Click Studios says.

Affected customers of the enterprise password manager might have downloaded a malformed update package that contained a modified moserware.secretsplitter.dll file designed to fetch additional content from a remote location and to start a malicious process.

That process harvests and exfiltrates a variety of system information, including computer name, usernames, current process name and ID, domain name, running processes and services, display name and status, proxy server address for Passwordstate, and the password manager’s username and password.

The malicious process gathers a great deal of data from Passwordstate, including URLs, usernames, passwords, notes, and other information stored in the application.

Customers are advised to check the moserware.secretsplitter.dll file and, if it’s size is 65kb, to contact the Click Studios support team to receive a hotfix file and additional details on the cleanup operation.

Affected customers are also advised to reset all of the passwords stored in Passwordstate, as they might have been exfiltrated by the attackers.

Click Studios says that the number of affected users appears to be low and that it has contacted active customers to inform them of the incident.

Related: After Hack, Officials Draw Attention to Supply Chain Threats

Related: Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.