Conceptworld
Conceptworld installers trojanized, data theft.
Installers for Conceptworld's Notezilla, RecentX, and Copywhiz were compromised on conceptworld.com. The trojanized builds stole browser credentials, crypto wallets, clipboard and keystroke data, then downloaded more payloads. Rapid7 disclosed the issue, and Conceptworld remediated the download path within 12 hours.
- Date: 2024-06-07 to 2024-06-24
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Credential theft
- Cause: Website compromise
What Was Affected
Package: Conceptworld
Language: Python
Component: Application
Artifact type: binary archive
Domain type: project download host
Domain: conceptworld.com
Incident Context
- Motive: Financial gain
- Attribution: Unknown attacker
- Transitive: No
- Observed Duration: 17 days
Evidence
Compromised Artifacts
Indicators and Changes
Hashes
External References
Source Data
Source record: proprietary/conceptworld/meta.yaml