Exploitation of Click Studio’s PasswordState software – ACSC issues High Alert


Click Studios has released a formal advisory today (27 April) for any customer that has performed an In-Place Upgrade between 20th April 2021 8:33 PM UTC and 22nd April 2021 0:30 AM UTC had the potential to download a malformed Passwordstate_upgrade.zip file.

The Australian Cyber Security Centre (ASCS) has also issued a High Alert notification advising:

On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.

The compromise of Click Studios’ software update process in April 2021 has resulted in some PasswordState users downloading malware through the software update function. If executed, the malware leads to the compromise of the customer’s PasswordState instance, giving the malicious actor access to all passwords stored in PasswordState, and creates the opportunity for follow-on malicious activity.

Click Studios has established and implemented an Incident Management Plan in respond to a major incident affecting Passwordstate’s operation.

As part of the Incident Management Process, Click Studios stateswill provide regular updates detailing the best known information available at that point in time. These advisories are the only authorized updates for existing and potential customers, media and other parties. By publishing these advisories, representing the single source of truth, Technical Support Team members, developers and Pre-Sales staff can focus solely on assisting customers with the major incident.

Please be aware that emails to Sales or Support, requesting additional information, will be replied to with a standard response directing the requestor to this Advisory page. Please understand, if Click Studios invokes the Incident Management Plan, our number one priority is working with our customers to identify if they have been affected and advising them of required remedial actions.

We recommend any interested party periodically check this advisories page for the latest updates.