VERY IMPORTANT

The company ClickStudios recently notified their customers about a breach resulting in a supply chain attack conducted via an update of the password manager PASSWORDSTATE. ClickStudios mentioned a breach between the 20th of April 2021 8:33 PM UTC and 22nd of April 2021 00.30am UTC. The update mechanism was used to drop a malicious update via a zip file “Passwordstate_upgrade.zip” containing a rogue dll “moserware.secretsplitter.dll”. The company mentions that the C&C of the rogue dll was using a CDN (Content Delivery Network) that was terminated on the 22nd of April 2021 7:00am UTC. CSIS Security Group researchers discovered one of the rogue dll's during an investigation. We will try to share the IoC's that we have discovered in order for companies to determine if they have been impacted by this attack. We have dubbed this incident/malware "Moserpass".