• Hackers are distributing a cracked password manager that steals data, deploys ransomware

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 20, 2025 14:30:08
    Hackers are distributing a cracked password manager that steals data, deploys ransomware

    Date:
    Tue, 20 May 2025 13:17:00 +0000

    Description:
    A tainted version of KeePass is making rounds so be careful what you're downloading.

    FULL STORY ======================================================================
    A malicious variant of KeePass is being offered online
    The malware deploys an infostealer and a Cobalt Strike beacon
    The cybercriminals are using the access to deploy ransomware

    Cybercriminals are distributing a tainted version of a popular password manager, through which they're able to steal data and deploy ransomware. This is according to security researchers at WithSecure Threat Intelligence, who recently observed one such attack in the wild.

    In an in-depth analysis published recently, the researchers said a client of theirs downloaded what they thought was KeePass - a popular password manager. They clicked on an ad from the Bing advertising network, and landed on a page that looked exactly like the KeePass website.

    The site, however, was a typosquatted copy of the legitimate KeePass website. Since KeePass is open source, the attackers kept all of the legitimate tool's functionality, but with a little extra Cobalt Strike on the side.
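    The practical check against this kind of attack is to verify the installer before running it, and to take the reference values from the real keepass.info site rather than from whatever page the download came from. The PowerShell function below is an added example, not code from the article, from WithSecure or from the KeePass project. It assumes the file path and expected SHA-256 are supplied by hand (the placeholder strings are not real values), and it assumes the official KeePass binaries are Authenticode-signed with a certificate whose subject names the KeePass author; confirm the expected signer against the official site before relying on it.

```powershell
# Added example (not from the article or the KeePass project): verify a downloaded
# KeePass installer before executing it.
# Assumptions: $ExpectedSha256 is copied by hand from the hash list on https://keepass.info,
# and $ExpectedSignerPattern is the publisher string expected in the Authenticode signer
# subject (verify this against the official site; it is an assumption here).
function Test-KeePassDownload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSignerPattern = 'Dominik Reichl'
    )

    $result = [ordered]@{
        Path        = $Path
        HashOk      = $false
        SignatureOk = $false
        SignerOk    = $false
        Signer      = $null
    }

    # 1. Compare the file hash with the value published on the official site.
    #    A hash taken from the download page itself proves nothing: a typosquatted
    #    site can publish a matching hash for its own trojanized build.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $result.HashOk = ($actual -eq $ExpectedSha256.ToUpperInvariant())

    # 2. Check that the Authenticode signature is intact and chains to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result.SignatureOk = ($sig.Status -eq 'Valid')

    # 3. A valid signature only proves that *someone* holding a code-signing certificate
    #    signed the file; a trojanized build can carry a different, equally valid
    #    certificate. Pin the signer identity as well.
    if ($sig.SignerCertificate) {
        $result.Signer   = $sig.SignerCertificate.Subject
        $result.SignerOk = ($result.Signer -match [regex]::Escape($ExpectedSignerPattern))
    }

    $result.Trusted = $result.HashOk -and $result.SignatureOk -and $result.SignerOk
    [pscustomobject]$result
}

# Usage (placeholder file name and hash; replace with the real download and the hash
# from keepass.info).
$check = Test-KeePassDownload `
    -Path "$env:USERPROFILE\Downloads\KeePass-Setup.exe" `
    -ExpectedSha256 '<paste SHA-256 from keepass.info here>'

if (-not $check.Trusted) {
    Write-Warning 'Do not run this installer; one or more checks failed:'
    $check | Format-List
}
```

    All three checks have to pass. The hash comparison catches a modified binary only when the reference hash comes from the legitimate site; the signer pin catches the case the article describes, a functional open-source build repackaged and signed by someone other than the real publisher.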


    The fake password manager exported all of the saved passwords to a cleartext database, which was later relayed to the attackers through the Cobalt Strike beacon. The attackers then used the login credentials to access the network and deploy ransomware, which is when WithSecure was brought in.

    WithSecure said that the campaign has the fingerprints of an initial access broker (IAB), a type of hacking group that obtains access to organizations and then sells it to other hacking collectives. This particular group is most likely associated with Black Basta, an infamous ransomware operator, and is now being tracked as UNC4696.

    This group was previously linked to Nitrogen Loader campaigns, BleepingComputer reported. Older Nitrogen campaigns were linked to the now defunct BlackCat/ALPHV group.

    So far, this was the only observed attack, but that doesn't mean there aren't others, WithSecure warns: "We are not aware of any other incidents (ransomware or otherwise) using this Cobalt Strike beacon watermark; this does not mean it has not occurred."

    The typosquatted website that's hosting the malicious KeePass version was still up and running at this time, and was still serving malware to unsuspecting users. In fact, WithSecure said that behind the site was extensive infrastructure, created to distribute all sorts of malware posing as legitimate tools.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-are-distributing-a-cracked-password-manager-that-steals-data-deploys-ransomware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)