Downloading programs is an easy enough task, but only if you’re using official websites or app stores. If you use third-party sources or torrents, this fake password manager is a good reminder of why the official sources are best.

This Password Manager Steals Your Passwords

Security researchers at WithSecure have discovered a malware campaign in which hackers have been delivering trojanized versions of the KeePass password manager since at least October 2024. These versions install malware called Cobalt Strike, which can steal saved passwords and other credentials from your PC and deploy ransomware on your network.

Since KeePass is open source, hackers easily accessed the source code to create a convincing clone. This malicious version is called KeeLoader and contains all of KeePass' functionality, except it saves all your passwords as a text file and sends them to hackers using Cobalt Strike beacons.


The distribution is handled by fake websites that use typo-squatted domains like the following:

The entire campaign came to light during WithSecure’s investigation of a ransomware incident at a European IT service provider. It turned out that the fake password manager not only stole credentials but also installed ransomware on the company’s VMware ESXi servers. WithSecure noted that this is the first instance of an open-source password manager being used simultaneously as a credential-stealing tool and malware loader.


Watch Where You Get Your Programs

You can use your browser’s password manager with precautions, but using a dedicated program is a much more secure alternative. Hackers target password managers for exactly this reason—it puts risk where you least expect it, meaning they can catch you off guard.


You should always download all programs, especially sensitive ones like your password manager, from their official websites or from your platform’s app store. Downloading software and games from third-party websites or torrents always runs the risk of your program coming with a side of malware.
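The campaign above relied on typo-squatted lookalikes of the real KeePass domain, so a simple pre-download check is to compare the host serving an installer against the vendor's official domain. This is an added example, not code from the article, WithSecure, or the KeePass project; keepass.info is KeePass's real domain, while the sample URLs are constructed for illustration.

```python
"""Flag download hosts that look like typo-squats of a vendor's real domain.

Added example, not from the article or from the KeePass project.
The official host is real; the sample URLs in main() are constructed.
"""
from urllib.parse import urlparse

OFFICIAL_HOSTS = {"keepass.info"}  # the real KeePass domain

def levenshtein(a: str, b: str) -> int:
    """Edit distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_part(host: str) -> tuple[str, str]:
    """Return (second-level label, TLD), e.g. 'dl.keepass.info' -> ('keepass', 'info')."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify_download_url(url: str) -> str:
    """Classify the host of a download URL as 'official', 'lookalike' or 'unrelated'."""
    host = (urlparse(url).hostname or "").lower()
    if host in OFFICIAL_HOSTS or any(host.endswith("." + h) for h in OFFICIAL_HOSTS):
        return "official"  # the official domain or one of its subdomains
    sld, tld = registrable_part(host)
    for official in OFFICIAL_HOSTS:
        osld, otld = registrable_part(official)
        same_name_other_tld = sld == osld and tld != otld  # brand on a different TLD
        near_miss = levenshtein(sld, osld) <= 2            # one or two typos away
        contains_brand = osld in sld and sld != osld       # brand embedded in a longer name
        if same_name_other_tld or near_miss or contains_brand:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample URLs (hypothetical, not the campaign's actual domains).
    for sample in ("https://keepass.info/download.html",
                   "https://keeppass.info/download",
                   "https://keepass.com/",
                   "https://keepass-download.example/setup.exe",
                   "https://example.org/"):
        print(f"{classify_download_url(sample):10} {sample}")
```

A "lookalike" result means the host resembles the vendor's domain without being it, which is exactly the pattern a typo-squat relies on; only "official" should be trusted for the download.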