from Hacker News

Hackers Weaponize KeePass Password Manager

by mosiuerbarso on 5/18/25, 6:39 AM with 2 comments

• by fwn on 5/18/25, 7:58 AM

  > The attack ... involved modifying and re-signing KeePass installers with trusted certificates to deliver a custom malware loader ... The infection chain began with malvertising campaigns on popular search engines ... directing users to fraudulent download pages ...

  I have my own issues with KeePass, but, to be fair, this was not a KeePass problem. It was a trust problem, starting with search ads and ending in tricking users to install a fake app.

  If anything, threat actors "weaponized" irresponsible advertising.

• by okanat on 5/18/25, 10:28 AM

  Misleading oversensationalised title.