KeePass trojanised in advanced malware campaign

Comments (2)

Ukv · 8h ago

> signed version of the open-source password manager KeePass [...] KeePass’s actual source code was altered [...] risks of trusted software being hijacked

To be clear, as far as I'm able to tell from the report, the actual KeePass is safe and has not been infiltrated/compromised. The malicious version was from malvertising/typosquatting sites, and signed by random compromised certifications - not by the KeePass developer.

I guess what they're intending to emphasize is that the malware authors recompiled KeePass to add their malware as opposed to just packaging it alongside KeePass in an installer, but it did initally sound like something far worse had happened.

melicerte · 7h ago

> Of particular concern, WithSecure Threat Intelligence identified a successful campaign, spanning at least 8 months, where legitimate source code of the popular open-source password manager tool ‘KeePass’ had been modified, and recompiled with trusted certificates.

My understanding is that if you don't pay particularly care to where you get your KeePass from, you can be tricked into downloading and installing a keepass from perfectly valid installer, potentially leaking all your passwords to the attackers.

I don't know if using open source projects with recompiled sources and valid trusted certificate is a common vector of attack but WithSecure reports that it has been installed a number of times across several of their customers.

Legion Health (YC S21) is hiring engineers to help fix mental health with AI (workatastartup.com)

Spark AI (YC W24) Is Hiring a Full Stack Engineer in San Francisco (ycombinator.com)

Synder (YC S21) Is Hiring (ycombinator.com)

Roame (YC S23) Is Hiring Lead Fullstack Engineer (ycombinator.com)

Weave (YC W25) is hiring a founding engineer (ycombinator.com)

Rollstack (YC W23) Is Hiring TypeScript Engineers (Remote US/CA) (ycombinator.com)

Ciro (YC S22) is hiring a software engineer to build AI agents for sales (ycombinator.com)

Artifact (YC W25) Is Hiring (ycombinator.com)

Thunder Compute (YC S24) Is Hiring a C++ Low-Latency Systems Developer (ycombinator.com)

GovEagle (YC W23) Is Hiring (ycombinator.com)

Motion (YC W20) Is Hiring a Senior Engineers (jobs.ashbyhq.com)

Tabular (YC S24) Is Hiring (ycombinator.com)

Continue (YC S23) is hiring software engineers in San Francisco (ycombinator.com)

Instant (YC S22) Is Hiring a Founding TypeScript Engineer (instantdb.com)

Jiga (YC W21) Is Hiring Engineers (workatastartup.com)

KaiPod Learning (YC S21) Is Hiring VP of Engineering (ycombinator.com)

Hightouch (YC S19) Is Hiring (ycombinator.com)

Helpcare AI (YC F24) Is Hiring (docs.google.com)

Stellar Sleep (YC S23) is hiring a product engineer in SF (ycombinator.com)

OneText (YC W23) Is Hiring a DevOps/DBA Lead Engineer

Toma (YC W24) Is Hiring Engs #3-4 (AI for Automotive) (ycombinator.com)

Waypoint Transit (YC W25) is hiring a software engineer (workatastartup.com)

GroMo (YC W21) Is Hiring (ycombinator.com)

Archil (YC F24) Is Hiring a Distributed Systems Engineer (In-Person, SF)

Modern Realty (YC S24) Is Hiring (workatastartup.com)

Hestus, Inc. (YC S24) Is Hiring an ML Engineer to Revolutionize CAD (ycombinator.com)

Activeloop (YC S18) is hiring a VP of Engineering in Mountain View (on-site) (careers.activeloop.ai)

Optery (YC W22) – Engineering Team Lead and Engineers with Node.js (U.S., Latam) (jobs.ashbyhq.com)

Extend (YC W23) is hiring engineers to build LLM document processing (jobs.ashbyhq.com)

Parity (YC S24) is hiring founding engineers to build an AI SRE (in-person, SF) (ycombinator.com)

Freshpaint (YC S19) is hiring back end and front end engineers (Remote, US only)

KeePass trojanised in advanced malware campaign

Comments (2)