Supply Chain Compromise Leads to Trojanized Installers
July 1, 2024, 11:18 a.m.
Description
Rapid7 discovered that installers for Notezilla, RecentX, and Copywhiz hosted on conceptworld[.]com were trojanized to execute information-stealing malware. The malware can steal browser credentials, crypto wallet info, clipboard data, and keystrokes, as well as download additional payloads. Rapid7 disclosed the issue to Conceptworld, who promptly removed the malicious installers.
Date
- Created: July 1, 2024, 11:05 a.m.
- Published: July 1, 2024, 11:05 a.m.
- Modified: July 1, 2024, 11:18 a.m.
Indicators