Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide. Click Studios notified customers that attackers compromised the app’s update mechanism to deliver malware in a supply-chain attack after breaching its networks. Malware harvested system info, Passworrdstate data, the malware (dubbed Moserpass) would collect system information and Passwordstate data later gets sent to attacker-controlled servers. The attackers crudely added a ‘Loader’ code section, just an extra 4KB from an older version.
Source: https://www.bleepingcomputer.com/news/security/passwordstate-password-manager-hacked-in-supply-chain-attack/