Downloading a program is an easy enough task, but only when you are using official websites or app stores. If you use third-party sources or torrents, this fake password manager is a good reminder of why official sources are the best.
This password manager steals your password
Security researchers at WithSecure have discovered a malware campaign in which hackers have been distributing trojanized versions of the KeePass password manager since at least October 2024. These versions install malware called Cobalt Strike alongside the password manager, which can steal passwords and other saved credentials from your PC and deploy ransomware on your network.
Since KeePass is open source, hackers can easily access the source code to create a solid clone. This malicious version is called KeeLoader and includes all of KeePass's functionality, except that it also saves all your passwords as a text file and sends them to the hackers using Cobalt Strike beacons.
Distribution is handled by fake websites that use typosquatted domains like the following:
- reppaswrd.com
- keegass.com
- Keepass.me
- Keespass.biz
- keebass.com
- Keepassx.com
Some of these domains are still active and are distributing fake versions of KeePass. For reference, the legitimate KeePass is on the website keepass.info. The fake websites were available through Microsoft's Bing search engine. WithSecure claims that the fake domains were being served through DuckDuckGo advertisements. However, given that Microsoft and DuckDuckGo have formed a partnership on Microsoft-provided advertisements, it is likely that they were also advertised on Bing.
The entire campaign came to light during an investigation into a ransomware incident at a European IT service provider. It was discovered that the fake password manager had not only stolen credentials but had also installed ransomware on the company's VMware ESXi server. WithSecure said that this is the first example of an open-source password manager being used simultaneously as a credential-stealing tool and a malware loader.
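A defender-side check for the typosquatting described above, as an added example that is not part of the original article: it scores hostnames taken from proxy logs against the legitimate keepass.info by edit distance. The log format, the threshold of 2 and the verdict names are assumptions, and the sample log lines are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL, BRAND = "keepass.info", "keepass"  # legitimate site named in the article
# Domains exactly as printed in the article, lower-cased.
ARTICLE_DOMAINS = {"reppaswrd.com", "keegass.com", "keepass.me",
                   "keespass.biz", "keebass.com", "keepassx.com"}

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    host = host.lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Assumption: registrable name = second-to-last label (no Public Suffix List).
    name = host.split(".")[-2] if "." in host else host
    if BRAND in name:
        return "brand-in-name"   # right brand, wrong TLD or extra characters
    if edit_distance(name, BRAND) <= 2:
        return "lookalike"
    if host in ARTICLE_DOMAINS:
        return "listed"          # too far from the brand for the heuristic
    return "unrelated"

def suspicious_requests(log_lines):
    """Return (client, host, verdict) for requests to KeePass-like hosts."""
    hits = []
    for line in log_lines:
        _ts, client, _method, url, _status = line.split()
        verdict = classify(urlsplit(url).hostname or "")
        if verdict not in ("official", "unrelated"):
            hits.append((client, urlsplit(url).hostname, verdict))
    return hits

# Constructed proxy log lines (timestamps, clients and paths are made up).
SAMPLE_LOG = [
    "2025-05-20T09:14:02Z 10.0.0.5 GET https://keepass.info/download.html 200",
    "2025-05-20T09:15:40Z 10.0.0.7 GET https://keegass.com/ 200",
    "2025-05-20T09:16:11Z 10.0.0.7 GET https://Keepass.me/ 200",
    "2025-05-20T09:17:29Z 10.0.0.9 GET https://reppaswrd.com/ 200",
]

print(suspicious_requests(SAMPLE_LOG))
```

The first domain in the list, as printed, is five edits away from the brand name, so only the explicit list catches it; a similarity heuristic complements an indicator list rather than replacing it.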
Watch where you get your programs
You can use your browser's password manager with precautions, but using a dedicated program is a very safe option. Hackers target password managers for exactly this reason: the risk comes from where you least expect it, meaning they can catch you off guard.
You should always download all programs, especially sensitive ones such as your password manager, from their official websites or the app store for your platform. Downloading software and games from third-party websites or torrents always carries the risk of your program being bundled with malware.
As an additional precaution, I would also advise you to avoid clicking advertisements and sponsored links that encourage you to download a program. Even if the advertisement shows a valid URL, hackers have repeatedly shown that they can bypass ad policies and display valid URLs while redirecting you to fake sites.

