Trojanized installers from Conceptworld distribute information-stealing malware
Cybersecurity firm Rapid7 discovered that installers for three software products from Indian company Conceptworld—Notezilla, RecentX, and Copywhiz—were trojanized to distribute information-stealing malware (malicious software).
The breach was identified on June 18, 2024, and Conceptworld resolved the issue by June 24, within 12 hours of notification.
The compromised installers were designed to execute malware capable of downloading and executing additional payloads. This malware targeted Windows hosts, stealing browser credentials and cryptocurrency wallet information, logging clipboard contents and keystrokes, and establishing persistence via a scheduled task.
The trojanized installers were larger than their legitimate versions and were unsigned. When users ran a trojanized installer, it started the regular software installation process and also dropped and executed a malicious binary responsible for running a batch script. This script set up persistence and a secondary file that connected to a command-and-control server, enabling further data theft and payload retrieval.
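
The two installer traits described above (unsigned, larger than the legitimate build) can be checked on a host with the following PowerShell triage script, which is an added example and not code from Rapid7 or Conceptworld. It assumes the installer file names contain the product name and that downloads were saved under a user profile's Downloads or Desktop folder; both are assumptions to adjust.

```powershell
# Added example: list installers for the three affected products that were
# created on this host in June 2024 and report their Authenticode status.
# Assumption: the installer file name contains the product name.
$Products   = 'Notezilla', 'RecentX', 'Copywhiz'
$WindowFrom = [datetime]'2024-06-01'
$WindowTo   = [datetime]'2024-07-01'

# Assumption: installers were saved to Downloads or Desktop in a user profile.
$SearchRoots = Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'Downloads'; Join-Path $_.FullName 'Desktop' } |
    Where-Object { Test-Path $_ }

$Results = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.Name
            # Keep files whose name matches a product and whose creation time is in the window.
            ($Products | Where-Object { $name -like "*$_*" }) -and
            $_.CreationTime -ge $WindowFrom -and $_.CreationTime -lt $WindowTo
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length          # compare with the vendor's current download
                Created   = $_.CreationTime
                SigStatus = $sig.Status        # NotSigned matches the trait reported above
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Suspect   = ($sig.Status -ne 'Valid')
            }
        }
}

# Files without a valid signature are listed first.
$Results | Sort-Object Suspect -Descending | Format-List
```

A `Valid` status only shows that the file carries a trusted signature; the `SHA256` and `SizeBytes` columns are there so each file can be compared with a fresh download from the vendor.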

The malware specifically harvested credentials from browsers like Google Chrome and Mozilla Firefox, as well as several cryptocurrency wallets, and collected files with extensions such as .txt, .doc, .png, and .jpg. Users who downloaded the affected installers in June 2024 are advised to check their systems for breaches and take remedial actions like re-imaging compromised systems.