Attackers have leveraged trojanized versions of Indian software provider Conceptworld's installers for its Copywhiz, Notezilla, and RecentX programs to facilitate the delivery of information-stealing malware, The Hacker News reports.
Launching the malicious installers, all of which are larger than their legitimate counterparts and have since been removed by Conceptworld from its official website, executed a batch-script-running binary alongside the real software deployment, according to an analysis from Rapid7; the script established persistence and led to data theft and the execution of additional payloads. Aside from exfiltrating data from browsers and numerous cryptocurrency wallets, including Atomic, Electrum, and Guarda, the infostealer also enables keystroke logging, clipboard content capture, and the theft of .txt, .doc, .jpg, and .png files, the researchers said.
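The two observable traits reported above, a hash that no longer matches the vendor's release and a file that is larger than the legitimate installer, are exactly what an intake check on downloaded software can test for. The following is an added example written for this page, not code from the article, Rapid7, or Conceptworld: it compares a downloaded installer against a reference record (digest and size) and, only when the file is larger than expected, looks in the trailing bytes for batch-script markers. The installer bytes, the reference record, and the marker list are all constructed placeholders; real digests and sizes have to come from the vendor.

```python
import hashlib

# Constructed sample standing in for the bytes of a legitimate installer
# (not a real Conceptworld binary).
KNOWN_GOOD_INSTALLER = b"MZ" + bytes(range(256)) * 4

# Placeholder reference record of the kind a vendor or an internal software
# catalogue would publish for each installer. The digest is computed from the
# constructed sample above; in practice these values come from the vendor.
REFERENCE = {
    "name": "example-installer.exe",
    "sha256": hashlib.sha256(KNOWN_GOOD_INSTALLER).hexdigest(),
    "size": len(KNOWN_GOOD_INSTALLER),
}

# Strings typical of an embedded batch script. This is a heuristic hint for
# triage, not a signature.
BATCH_MARKERS = (b"@echo off", b"cmd.exe /c")


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the installer bytes."""
    return hashlib.sha256(data).hexdigest()


def batch_markers_in(data: bytes) -> list:
    """Return the batch-script markers present in data (case-insensitive)."""
    lowered = data.lower()
    return [m.decode() for m in BATCH_MARKERS if m in lowered]


def verify_installer(data: bytes, reference: dict) -> dict:
    """Compare a downloaded installer with its reference record.

    Returns the computed digest, whether it matches, the size difference in
    bytes, any batch markers found in bytes beyond the reference size, and a
    one-line verdict suitable for a triage queue.
    """
    digest = sha256_of(data)
    hash_ok = digest == reference["sha256"]
    size_delta = len(data) - reference["size"]
    # Only bytes beyond the reference length are scanned: a legitimate
    # installer may itself legitimately contain these strings.
    extra = data[reference["size"]:] if size_delta > 0 else b""
    markers = batch_markers_in(extra)

    if hash_ok:
        verdict = "ok"
    elif size_delta > 0 and markers:
        verdict = "suspect: larger than reference and trailing bytes contain batch markers"
    elif size_delta > 0:
        verdict = "suspect: larger than reference"
    else:
        verdict = "mismatch: hash differs from reference"

    return {
        "name": reference["name"],
        "sha256": digest,
        "hash_ok": hash_ok,
        "size_delta": size_delta,
        "markers": markers,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed "trojanized" copy: the genuine bytes with a script appended.
    padded = KNOWN_GOOD_INSTALLER + b"\r\n@echo off\r\n"
    for label, blob in (("legitimate", KNOWN_GOOD_INSTALLER), ("padded", padded)):
        result = verify_installer(blob, REFERENCE)
        print(f"{label}: {result['verdict']} (size delta {result['size_delta']})")
```

A hash mismatch on its own is the decisive signal; the size and marker checks only help rank which mismatched files to look at first. Any file that fails the digest comparison should be treated as untrusted regardless of what the heuristic reports.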
Organizations that downloaded installers for Conceptworld programs last month were urged to check for signs of compromise and to re-image affected systems to prevent follow-on attacks.