The open source KeePass password manager is a great password vault for storing different passwords and 2FA codes for all your online accounts.
Unfortunately, not everyone is careful about where they download their software…
Recently, we learned that somebody created a copy of KeePass – with malware added – and distributed it on a bunch of fake KeePass web sites.
Oops!
The REAL KeePass web site
Bookmark it NOW!
The Story
From Kaspersky’s web site, we learn:
A popular password manager was modified to allow attackers to steal passwords and encrypt users’ data.
The malicious campaign lasted at least eight months, starting in mid-2024. The attackers set up fake websites that mimicked the official KeePass site and used malvertising to redirect users who were searching for KeePass to domains with convincing names like keeppaswrd, keebass, and KeePass-download.
If the victim downloaded KeePass from a fake site, the password manager would function as expected, but it would also save all passwords from the currently open database to an unencrypted text file and install a Cobalt Strike beacon on the system. This is a tool that can be used both to assess an organization’s security and to conduct real cyberattacks.
What’s more, there were different flavors of the hacked KeePass, and some were worse than others.
Stay Safe
If you downloaded your KeePass from the official KeePass web site, don’t worry – you’re fine!
You can also set up KeePass to automatically update from official sources.
I’ve been using the auto-update plugin alongside the 2FA (OTP) plugin for about a year now, and it’s quite handy.
The Real Problem
The real issue here is that even simple searches nowadays don’t give you quality results any more.
It’s a piece of cake for a small bunch of hackers to create bogus web sites and get their search ranking boosted to the moon.
And how about that AI-powered search?
It’s even worse! It will simply promote the most popular current course of action – regardless of how stupid or wrong that may actually be.
In short, the internet as we know it is currently being horribly broken…
Fortunately, you can still just type “keepass.info” into the address bar of your browser!
And be extra-careful in the future about using search engines to find the web site you’re looking for – especially if it’s a security or banking-related site!!
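As an added example (not code from this post, from Kaspersky, or from KeePass), here is a small Python check that classifies a download URL's host as the official keepass.info, a lookalike of it, or something else, by comparing each part of the hostname to the brand name with edit distance. The `.example` hostnames are constructed from the name patterns quoted above, and the function names and the 40% similarity threshold are assumptions.

```python
from urllib.parse import urlsplit

OFFICIAL = "keepass.info"  # official site named in the post
BRAND = "keepass"

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike' or 'other' for a URL or bare hostname."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare hostname as the host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Split the host on dots and hyphens and compare each token to the brand.
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for t in tokens:
        # Assumed threshold: edits may touch at most 40% of the longer string.
        if edit_distance(t, BRAND) * 5 <= 2 * max(len(t), len(BRAND)):
            return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed sample URLs; ".example" is a reserved TLD.
    for u in ["https://keepass.info/",
              "https://keeppaswrd.example/",
              "keebass.example",
              "https://KeePass-download.example/setup.exe",
              "https://keepass.info.cdn.example/",
              "https://example.org/"]:
        print(f"{classify(u):10} {u}")
```

A result of "other" only means the hostname does not resemble the brand; it says nothing about whether that site is trustworthy.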