Fake password manager leads to VMware ESXi hack
Briefly

For at least eight months, cybercriminals have been deploying a manipulated version of the KeePass password manager, known as KeeLoader. This malware is designed to install Cobalt Strike beacons that steal user credentials and spread ransomware. The Threat Intelligence team at WithSecure uncovered this while investigating a ransomware attack that originated from a malicious KeePass installation promoted via deceptive Bing ads. KeeLoader retains the original functionality of KeePass while embedding malicious code, showing the sophistication with which open-source software is being exploited.
Researchers discovered that cybercriminals manipulated KeePass to create KeeLoader, a modified version that promotes ransomware through fake websites and domain names.
The analysis shows that these manipulations leverage open-source code to stealthily insert harmful functions while maintaining KeePass's original capabilities, indicating growing sophistication in the attackers' tactics.
Read at Techzine Global