July 1, 2024 at 09:06AM
On June 18, 2024, cybersecurity firm Rapid7 discovered trojanized installers for three software products from Indian company Conceptworld, distributing information-stealing malware. The compromise was remediated by Conceptworld within 12 hours of disclosure. The malware is capable of stealing browser credentials and cryptocurrency wallet information, logging keystrokes, and establishing connections with command-and-control servers.
Key takeaways from the meeting notes:
– Installers for software products developed by Conceptworld, a company based in India, have been compromised to distribute information-stealing malware.
– The compromised installers correspond to Notezilla, RecentX, and Copywhiz.
– Cybersecurity firm Rapid7 discovered the supply chain compromise on June 18, 2024, and Conceptworld remediated the issue by June 24, 2024.
– The information-stealing malware is designed to steal browser credentials and cryptocurrency wallet information, log clipboard contents and keystrokes, and download and execute additional payloads on infected Windows hosts.
– It’s unclear how the official domain “conceptworld[.]com” was breached to stage the counterfeit installers.
– The compromised installers are unsigned and have a file size inconsistent with legitimate installers, as per Rapid7.
– Users who downloaded installers for Notezilla, RecentX, or Copywhiz in June 2024 are advised to examine their systems for signs of compromise and take appropriate action, such as re-imaging affected systems, to remove the malicious modifications.
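The two indicators above (unsigned installer, file size that does not match the legitimate build) can be checked mechanically on a Windows host before anything is executed. The script below is an added example written for these notes, not code from Rapid7 or Conceptworld; the installer file names and the expected sizes are placeholders that must be filled in from a known-good copy obtained directly from the vendor.

```powershell
# Added example: triage downloaded Conceptworld installers against the
# indicators in the advisory (missing Authenticode signature, unexpected size).
# File names and expected sizes are PLACEHOLDERS, not vendor-published values.
$ExpectedSizeBytes = @{
    'NotezillaSetup.exe' = 0   # placeholder: size of a known-good installer
    'RecentXSetup.exe'   = 0   # placeholder
    'CopywhizSetup.exe'  = 0   # placeholder
}

function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    $file     = Get-Item -LiteralPath $Path
    $sig      = Get-AuthenticodeSignature -FilePath $file.FullName
    $expected = $ExpectedSizeBytes[$file.Name]

    [pscustomobject]@{
        File            = $file.Name
        SizeBytes       = $file.Length
        # $null when no reference size has been recorded for this file name
        SizeMatches     = if ($expected) { $file.Length -eq $expected } else { $null }
        SignatureStatus = $sig.Status      # 'Valid' only for a correctly signed binary
        Signer          = $sig.SignerCertificate.Subject
        # Flag anything unsigned/invalid, or whose size differs from the reference
        Suspicious      = ($sig.Status -ne 'Valid') -or
                          ($expected -and $file.Length -ne $expected)
        # Record the hash so the file can be reported or compared later
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Usage: check every installer in the Downloads folder that looks like one of the three products
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    Where-Object { $_.Name -match 'Notezilla|RecentX|Copywhiz' } |
    ForEach-Object { Test-InstallerIntegrity -Path $_.FullName } |
    Format-Table -AutoSize
```

A row with `Suspicious` set to `True` is a candidate for the re-imaging step recommended above; a `Valid` signature from the vendor together with a matching size is the expected result for a legitimate download.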
Please let me know if you need further information or if there are specific actions to be taken based on these takeaways.