Summary

  • Security company WithSecure has discovered a campaign that has been using a fake version of the password manager KeePass to steal users’ passwords since October 2024.
  • Known as KeeLoader, the malicious version contains all the legitimate functionality of the real app, except that it saves all passwords to a text file, which is then sent to hackers.
  • The campaign was discovered when the company was investigating a ransomware attack on a European IT service provider, which turned out to have been caused by the fake password manager.
  • This is the first recorded instance of a password manager being used as a loader for malware and credential theft.
  • The campaign used fake domains that were served through advertisements on search engines, highlighting the risks of using unofficial sources for downloading software.

By Yadullah Abidi
