Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Passwordstate Users Told to Reset All Passwords Following Cyberattack

Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software’s In-Place Upgrade functionality.

Australian software developer Click Studios on Saturday urged Passwordstate customers to reset all of their passwords if they downloaded a poisoned update using the software’s In-Place Upgrade functionality.

The functionality, the company says, served a poisoned update after a threat actor managed to compromise the upgrade director on the clickstudios.com.au website. The breach was closed after roughly 28 hours.

“Only customers that performed In-Place Upgrades between the times stated above are believed to be affected. Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested,” Click Studios says.

Affected customers of the enterprise password manager might have downloaded a malformed update package that contained a modified moserware.secretsplitter.dll file designed to fetch additional content from a remote location and to start a malicious process.

That process harvests and exfiltrates a variety of system information, including computer name, usernames, current process name and ID, domain name, running processes and services, display name and status, proxy server address for Passwordstate, and the password manager’s username and password.

The malicious process gathers a great deal of data from Passwordstate, including URLs, usernames, passwords, notes, and other information stored in the application.

Customers are advised to check the moserware.secretsplitter.dll file and, if it’s size is 65kb, to contact the Click Studios support team to receive a hotfix file and additional details on the cleanup operation.

Affected customers are also advised to reset all of the passwords stored in Passwordstate, as they might have been exfiltrated by the attackers.

Advertisement. Scroll to continue reading.

Click Studios says that the number of affected users appears to be low and that it has contacted active customers to inform them of the incident.

Related: After Hack, Officials Draw Attention to Supply Chain Threats

Related: Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former NSA cybersecurity chief Rob Joyce joins Sandfly Security's Advisory Board.

Commvault has appointed Pranay Ahlawat as Chief Technology and AI Officer (CTAIO).

Teresa Anania joins Sophos as the company's new Chief Customer Officer.

More People On The Move

Expert Insights