Passwordstate Password Manager's Update Mechanism Compromised In Supply Chain Attack

Click Studios, the company behind the enterprise password manager Passwordstate has stated that attackers have compromised the app's update mechanism to distribute malware. According to the company's investigation, the malicious updates have been delivered to users between April 20 and April 22, with initial analysis indicating that hackers used sophisticated techniques to compromise the In-Place Upgrade functionality. Attackers have added the code section 'Loader' that pulls a next stage payload from the C2 above. Read more...