The corporate password manager Passwordstate has distributed malware through its update mechanism; the malware passes user data to cybercriminals.
Passwordstate is a password manager for the business market. Click Studios, the company behind the software, says it has 370,000 users at 29,000 companies. In an email to users, the company reports that hackers were able to infiltrate the application's update process.
As a result, the Moserpass malware was spread to several users of the password manager: those who had the tool updated between 20 and 22 April. It is not known how many people did this.
Moserpass is malware that collects system information and data from Passwordstate and then uploads it to a network. It then stays silent for a day before repeating the process.
In a security advisory, Click Studios recommends that all Passwordstate users change all their passwords as soon as possible and install a workaround. A second advisory provides more information about the problem. For example, it states that Click Studios itself has not been affected and that the hack is limited to the update mechanism.
The attack on Passwordstate is a so-called supply chain attack. The attackers do not target the victim directly but the supplier, in this case Click Studios. The practice is rare, but it already drew attention with the SolarWinds hack at the end of last year. There too, hackers managed to manipulate the software update process to build a loophole for SolarWinds customers.