KeePass trojanised in advanced malware campaign (labs.withsecure.com)
To be clear, as far as I'm able to tell from the report, the actual KeePass is safe and has not been infiltrated/compromised. The malicious version was from malvertising/typosquatting sites, and signed by random compromised certifications - not by the KeePass developer.
I guess what they're intending to emphasize is that the malware authors recompiled KeePass to add their malware as opposed to just packaging it alongside KeePass in an installer, but it did initially sound like something far worse had happened.
My understanding is that if you don't pay particular care to where you get your KeePass from, you can be tricked into downloading and installing a KeePass from a perfectly valid installer, potentially leaking all your passwords to the attackers.
I don't know if using open source projects with recompiled sources and a valid trusted certificate is a common vector of attack, but WithSecure reports that it has been installed a number of times across several of their customers.