19th May 2025 - Service Announcement: Manipulated KeePass version in circulation

  • Significant threat to KeePass users
    A KeePass version infected with malware is being distributed via fake websites and advertisements. The attackers can read passwords, set up persistence on the system and move around unnoticed. The infection is carried out via manipulated installation files signed with valid certificates. Systems are infected with Cobalt Strike Beacons.
  • Recommended action
    • Download KeePass only from trusted sources, e.g. keepass.info
    • Scan your KeePass installation and other suspicious files with up-to-date anti-malware software.
    • Use the IoCs provided by WithSecure to check your systems for possible compromises and block malicious domains/IPs.
    • Keep security software and firewalls up to date - ideally via automatic updates.

You can find more details in the linked warning from the Baden-Württemberg Cyber Security Agency.