ConceptWorld Details
Industry: Technology
Security Incidents: 1
ConceptWorld is a software development company primarily focused on creating productivity-enhancing applications for Windows users. Founded in 2001, ConceptWorld released its first software, NoteZilla, an advanced sticky notes application. Over the years, the company has expanded its portfolio to include other notable products such as Copywhiz, a tool for enhancing file copy and backup processes, and RecentX, a launcher application that provides quick access to recently used files, folders, and websites.
ConceptWorld's software solutions have received multiple accolades for their user-friendl...
Security Incidents
ConceptWorld Breach of Jul 2024
Severity Score: Significant to High
Type: Unknown
Summary
On June 18, 2024, cybersecurity firm Rapid7 discovered a supply chain compromise involving trojanized installers for three software products by Conceptworld: Notezilla, RecentX, and Copywhiz. These compromised installers distributed information-stealing malware capable of downloading and executing additional payloads, stealing browser credentials and cryptocurrency wallet information, logging keystrokes, and setting up persistence using a scheduled task to execute its main payload every three hours. The malware also dropped and executed binaries ("dllCrt32.exe" and "dllBus32.exe") responsible ...
Severity
The trojanization of the installers for three popular software products by Conceptworld represented a significant supply chain compromise that was identified by Rapid7. This incident involved the distribution of sophisticated information-stealing malware capable of stealing browser credentials, cryptocurrency wallet information, and logging keystrokes and clipboard content. The breach of the official domain led to unauthorized file manipulations that established persistence and communicated with a command-and-control (C2) server to launch additional payloads. While Conceptworld remediated the ...
Impact
The recent supply chain compromise involving Conceptworld’s software installers has significantly impacted user security. The installers for Notezilla, RecentX, and Copywhiz were trojanized to distribute information-stealing malware, affecting users who downloaded these applications in June 2024. The malware was capable of stealing browser credentials and cryptocurrency wallet information, logging clipboard contents and keystrokes, establishing persistence, and communicating with a command-and-control server to download additional payloads. Although Conceptworld promptly remediated the iss...