Network Security, Malware, Threat Intelligence

Infostealer spread via trojanized Indian software product installers

Share
Privacy concept: pixelated words Malware on digital background, 3d render

Attackers have leveraged trojanized versions of Indian software provider Conceptworld's installers for its Copywhiz, Notezilla, and RecentX programs to facilitate the delivery of information-stealing malware, The Hacker News reports.

Launching the malicious installers — all of which are larger than their legitimate counterparts and have already been removed by Conceptworld from its official website — triggered the execution of a batch script-running binary alongside actual software deployment to establish persistence and ultimately data theft and additional payload execution, according to an analysis from Rapid7. Aside from exfiltrating data from browsers and numerous cryptocurrency wallets, including Atomic, Electrum, and Guada, the infostealer also enables keystroke logging, clipboard content compromise, and the theft of .txt., .doc, .jpg, and .png files, said researchers.

Organizations that downloaded installers for Conceptworld programs last month were urged to identify potential compromises and conduct re-imaging for impacted installations to prevent additional attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.