The Australian software firm Click Studios confirmed a few weeks ago that it had been the victim of a supply chain attack. The attack affected its Passwordstate password management application, and the company has now warned customers about an ongoing phishing campaign run by unknown threat actors.
The company released an updated advisory making clear that a small number of customers have received phishing emails requesting urgent action. These emails were not sent by Click Studios.
The emails ask customers to download an update. In reality, it is a modified version of the dynamic link library (DLL) used in the original attack, which called out to a content delivery network (CDN) server not controlled by the company to fetch a malware payload. The company further clarified that the servers used in the phishing campaign are not down and that it has obtained a sample of the payload for further analysis.
Customers can spot the fake emails by looking at the sender's domain suffix, which does not match the domain of legitimate Click Studios emails. The emails also claim that an urgent update is needed to correct a bug in the previous patch, or direct the recipient to download an update from a subdomain.
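The sender-domain check described above, written out as an added example rather than any tooling from Click Studios or the advisory: it parses a raw email, compares the sender's domain and every download link's host against an allowlist of vendor domains, and flags urgency language. The trusted domain `clickstudios.com.au` and the two sample messages are assumptions constructed for the demonstration, not values taken from the article; verify the vendor's real domain against its published contact details before using such a list.

```python
"""Sender-domain and link checks for vendor-impersonation emails.

Added example, not Click Studios' code. The trusted domain below is an
assumption used as a placeholder; confirm it against the vendor's own
published contact details before relying on it.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_VENDOR_DOMAINS = {"clickstudios.com.au"}  # assumed placeholder
URGENCY_WORDS = ("urgent", "immediately", "action required")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_belongs_to(host, trusted_domains):
    """True only for an exact trusted domain or a subdomain of one.

    Matching on the suffix with a leading dot defeats look-alikes such as
    'clickstudios.com.au.evil.example' and 'notclickstudios.com.au', which a
    plain substring test would accept.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def extract_text(msg):
    """Concatenate the text/plain parts of a parsed email message."""
    if msg.is_multipart():
        return "\n".join(
            part.get_payload(decode=True).decode("utf-8", "replace")
            for part in msg.walk()
            if part.get_content_type() == "text/plain"
        )
    return msg.get_payload()


def analyze_email(raw_message):
    """Return findings that mark a message as a likely vendor impersonation."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. The From address must sit on the vendor's own domain.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    if not host_belongs_to(sender_domain, TRUSTED_VENDOR_DOMAINS):
        findings.append(f"sender domain {sender_domain!r} is not the vendor's domain")

    # 2. Every download link must also point at the vendor's domain.
    text = extract_text(msg)
    for url in URL_RE.findall(text):
        link_host = urlparse(url).hostname
        if not host_belongs_to(link_host, TRUSTED_VENDOR_DOMAINS):
            findings.append(f"download link points at non-vendor host {link_host!r}")

    # 3. Pressure to act right away is a classic phishing tell.
    haystack = (msg.get("Subject", "") + "\n" + text).lower()
    if any(word in haystack for word in URGENCY_WORDS):
        findings.append("message uses urgency language to rush the recipient")

    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample messages (not real emails from the campaign).
PHISHING_EMAIL = """\
From: Click Studios Support <support@clickstudios-updates.com>
To: admin@example.org
Subject: URGENT: Passwordstate hotfix required

An urgent update is required to correct a bug in the previous patch.
Download it immediately from https://cdn.not-the-vendor.example/Passwordstate_upgrade.zip
"""

LEGITIMATE_EMAIL = """\
From: Click Studios <support@clickstudios.com.au>
To: admin@example.org
Subject: Passwordstate release notes

Release notes are available at https://www.clickstudios.com.au/passwordstate-changelog
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        result = analyze_email(sample)
        print(label, "->", "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  -", finding)
```

The check deliberately uses `host == d or host.endswith("." + d)` rather than a substring test, because a look-alike such as `clickstudios.com.au.evil.example` contains the vendor's domain as a substring but is not under it. Header-only checks like this are a first filter, not a substitute for verifying that a download comes from the vendor's own site and that its signature checks out.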
The phishing emails are crafted to replicate the content of legitimate Click Studios email messages. Users have shared the bogus emails, which are being used to push a new variant of the malware, on various social media platforms.
The Passwordstate attack is the most recent supply-chain attack to come to light. It highlights how sophisticated threat actors now target software built by third parties in order to compromise government and corporate data.
The Australian Cyber Security Centre (ACSC) is aware of the incident and is providing advice directly to Click Studios. Customers who want advice from the ACSC should not hesitate to contact it.