July 4, 2024 at 09:10AM
Conceptworld Corporation, an India-based software company, was found to be distributing information-stealing malware with its software products. Researchers from Rapid7 discovered that the installation packages of its tools Notezilla, RecentX, and Copywhiz had been Trojanized. Although the malicious installers have since been replaced, users who downloaded them were unknowingly exposed to the dllFake malware, which can steal information from a range of sources.
The meeting notes describe a situation where an India-based software company unknowingly distributed information-stealing malware along with its primary software products. The company quickly addressed the issue after being alerted by researchers from Rapid7 and replaced the malicious installers with legitimate ones.
The attackers bundled their malware with the company’s legitimate software installers. Although the specific method used is unknown, it is believed they gained access to the server hosting the downloads, potentially by exploiting a vulnerability. The resulting installer packages were unsigned, and while there were few indications of anything amiss, there were some potential signs, such as a file size larger than the one listed on the company’s website.
The malware, named “dllFake,” is capable of stealing information from cryptocurrency wallets and web browsers, logging keystrokes and clipboard data, and downloading and executing further payloads. Despite these capabilities, the researchers noted that the malware’s implementation suggests a low level of sophistication, with multiple key indicators left in plaintext.
In light of this incident, the guidance is that any software download, particularly free software, should be treated with an appropriate level of suspicion until its legitimacy can be confirmed. Users can also verify downloaded software with methods such as signature validation, hash reputation lookups, and freely available sandboxes.
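The checks recommended above (signature presence, hash comparison, and a file-size comparison against the vendor's listing), as an added example that is not code from Rapid7 or the original post. The stub PE image and the expected values are constructed here for demonstration, and the signature check only detects whether an Authenticode certificate table is embedded, not whether the signer chain is valid.

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding the Authenticode blob

def has_authenticode_signature(data: bytes) -> bool:
    """True if the PE carries a non-empty Certificate Table (embedded Authenticode).
    Presence only: validating the signer chain needs the platform's crypto APIs."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return False
    opt = pe + 4 + 20                                      # optional header follows IMAGE_FILE_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    pe32plus = magic == 0x20B
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    entry = opt + (112 if pe32plus else 96) + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    offset, size = struct.unpack_from("<II", data, entry)  # for this slot the "RVA" is a file offset
    return size > 0 and offset + size <= len(data)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def assess_installer(data, expected_sha256=None, advertised_size=None, tolerance=0.10):
    """Return the checks a downloaded installer fails: 'unsigned', 'hash-mismatch', 'size-mismatch'."""
    findings = []
    if not has_authenticode_signature(data):
        findings.append("unsigned")
    if expected_sha256 and sha256_hex(data) != expected_sha256.lower():
        findings.append("hash-mismatch")
    if advertised_size and abs(len(data) - advertised_size) > tolerance * advertised_size:
        findings.append("size-mismatch")
    return findings

def build_stub_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 image for demonstration only (not a real installer)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    cert = b""
    if signed:
        cert = struct.pack("<IHH", 8, 0x200, 0x0002)                    # WIN_CERTIFICATE header only
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 64 + 4 + 20 + 224, len(cert))
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + cert
```

Run `assess_installer(open(path, "rb").read(), vendor_hash, vendor_size)` on a real download; an empty list means all three checks passed, and `"unsigned"` is the indicator this incident's installers would have tripped.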