TLDR:
- Indian software firm Conceptworld had installers for Notezilla, RecentX, and Copywhiz trojanized with data-stealing malware.
- The malware was capable of stealing browser credentials, cryptocurrency wallet information, logging keystrokes, and executing additional payloads on infected Windows hosts.
Installers for three different software products developed by an Indian company named Conceptworld were compromised to distribute data-stealing malware, according to cybersecurity firm Rapid7. The issue was discovered on June 18, 2024, and remediated within 12 hours of responsible disclosure. The malware had the capability to steal sensitive data, such as browser credentials and cryptocurrency wallet information, log keystrokes, and execute additional payloads. The malicious installers were signed and had a larger file size than their legitimate counterparts.
Once launched, the malware prompted the user to proceed with the installation process associated with the actual software while dropping and executing a binary responsible for running a batch script. The malware also established persistence on the machine and connected to a command-and-control (C2) server to steal data and run more payloads. It targeted information from browsers like Google Chrome and Mozilla Firefox, as well as multiple cryptocurrency wallets. Users who downloaded these installers in June 2024 were advised to check their systems for compromise and take appropriate action, such as re-imaging affected machines.
Users should be cautious and verify the legitimacy of software installers before downloading and running them, to avoid falling victim to supply chain attacks like the one carried out against Conceptworld’s products.
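As an added defensive example (not code from the article or from Rapid7), this Python snippet shows how a downloaded installer can be checked against the vendor-published size and SHA-256 rather than trusting its code signature, which this incident showed is not sufficient on its own; the file names, contents and hashes are constructed inline for the demo.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class InstallerCheck:
    ok: bool
    reasons: list = field(default_factory=list)


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    # Stream the file so large installers are hashed without loading them whole.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_installer(path: str, expected_size: int, expected_sha256: str) -> InstallerCheck:
    """Compare a downloaded installer with the size and hash the vendor publishes.
    A valid code signature is deliberately not treated as proof of integrity:
    the trojanized Conceptworld installers were signed, yet larger than the originals."""
    reasons = []
    if not os.path.isfile(path):
        return InstallerCheck(False, ["file not found"])
    size = os.path.getsize(path)
    if size != expected_size:
        kind = "larger" if size > expected_size else "smaller"
        reasons.append(f"size mismatch: {size} bytes is {kind} than expected {expected_size}")
    digest = sha256_file(path)
    if digest != expected_sha256.lower():
        reasons.append(f"sha256 mismatch: got {digest}, expected {expected_sha256.lower()}")
    return InstallerCheck(not reasons, reasons)


def demo() -> dict:
    """Constructed sample (hypothetical bytes): a clean installer, and a 'trojanized'
    copy that wraps the clean bytes plus an appended loader, hence a larger file."""
    clean = b"MZ" + b"\x00" * 4094 + b"<constructed legitimate installer body>"
    trojanized = clean + b"<constructed appended dropper + batch script>"
    with tempfile.TemporaryDirectory() as d:
        clean_path, bad_path = os.path.join(d, "installer.exe"), os.path.join(d, "installer_mirror.exe")
        with open(clean_path, "wb") as f:
            f.write(clean)
        with open(bad_path, "wb") as f:
            f.write(trojanized)
        expected_size, expected_hash = len(clean), hashlib.sha256(clean).hexdigest()
        return {
            "clean": verify_installer(clean_path, expected_size, expected_hash),
            "trojanized": verify_installer(bad_path, expected_size, expected_hash),
            "missing": verify_installer(os.path.join(d, "absent.exe"), expected_size, expected_hash),
        }
```

For a real download, `expected_size` and `expected_sha256` come from the vendor's out-of-band published values, never from the same download page that served the installer.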