“This is a particularly sophisticated supply chain attack,” noted Mika Aalto, Principal Threat Researcher at Withsecure.
Mika Aalto is an incompetent clown. A “Principal Threat Researcher” at any company should understand the difference between a trojanized version of an app distributed through phishing, and a supply chain attack.
Security experts have identified multiple attack vectors, with the primary distribution channel being tampered download links spread through phishing emails and malicious advertisements that redirect users to convincing but fraudulent KeePass download pages.
Mika Aalto is an incompetent clown. A “Principal Threat Researcher” at any company should understand the difference between a trojanized version of an app distributed through phishing, and a supply chain attack.
🤡