Supply Chain Compromise Leads to Trojanized Installers
July 1, 2024, 11:18 a.m.
Description
Rapid7 discovered that the installers for Notezilla, RecentX, and Copywhiz hosted on conceptworld[.]com had been trojanized to execute information-stealing malware. The malware can steal browser credentials, cryptocurrency wallet information, clipboard data, and keystrokes, and can download additional payloads. Rapid7 disclosed the issue to Conceptworld, which promptly removed the malicious installers.
Date
Published: July 1, 2024, 11:05 a.m.
Created: July 1, 2024, 11:05 a.m.
Modified: July 1, 2024, 11:18 a.m.
Indicators
.2.108.102
5.180.185.42
212.70.149.210
185.137.137.74
170.130.34.114
104.206.95.146
104.140.17.242
104.206.2.18
104.206.220.113
104.206.57.117
50.2.191.154
Attack Patterns
T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain
T1059.006 - Command and Scripting Interpreter: Python
T1048 - Exfiltration Over Alternative Protocol
T1053.005 - Scheduled Task/Job: Scheduled Task
T1560.001 - Archive Collected Data: Archive via Utility
T1555.003 - Credentials from Password Stores: Credentials from Web Browsers
T1059.003 - Command and Scripting Interpreter: Windows Command Shell
T1115 - Clipboard Data
T1571 - Non-Standard Port
T1056.001 - Input Capture: Keylogging
T1204.002 - User Execution: Malicious File
T1005 - Data from Local System