{"id":10375,"date":"2025-05-08T12:05:00","date_gmt":"2025-05-08T11:05:00","guid":{"rendered":"https:\/\/www.withsecure.com\/resources-hub\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/"},"modified":"2025-05-08T12:05:00","modified_gmt":"2025-05-08T11:05:00","slug":"keepass-trojanised-in-advanced-malware-campaign","status":"publish","type":"lab_item","link":"https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/","title":{"rendered":"KeePass trojanised in advanced malware campaign"},"content":{"rendered":"<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-1 wp-block-one-column-block--meta-sharing layout--spacing-xxxxl-top layout--spacing-xl-bottom\"\n    >\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                            <div class='wp-block-one-column-block__meta-sharing-grid'><div class=\"wp-component-content wp-component-content--default wp-block-one-column-block__content fade-in\">\n            <h1 class=\"wp-component-heading text--h2 wp-component-content__title\">\n    KeePass trojanised in advanced <span class=\"blue-text\">malware campaign<\/span><\/h1>                    <div class=\"wp-component-content__inner\">\n                                                    <div class=\"wp-component-content__meta\">\n                                                                            <span class=\"wp-component-content__meta-categories\">\n                                                                    <span class=\"wp-component-content__meta-category\">\n                                        Software Protection                                    <\/span>\n                                                                    <span class=\"wp-component-content__meta-category\">\n                                        Threat intelligence                                    <\/span>\n                                                            <\/span>\n                                                                                                    <span class=\"wp-component-content__meta-date\">\n                                08 Mai, 2025                            <\/span>\n                                                                    <\/div>\n                                            <\/div>\n                <\/div><section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--content-1 wp-block-sharing-icons--disable-container wp-block-one-column-block__sharing fade-in wp-block-one-column-block__sharing fade-in\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    Teilen Sie dies                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a\n            href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/&#038;title=KeePass%20trojanised%20in%20advanced%20malware%20campaign\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link\"\n            title=\"Auf LinkedIn teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a\n            href=\"http:\/\/x.com\/share?text=KeePass trojanised in advanced malware campaign&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link wp-component-socials__link--twitter\"\n            title=\"Auf X (Twitter) teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<\/div>                                                                                <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-one-column-block edwp-block js-wp-block-one-column-block wp-block-one-column-block--content-1 layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-one-column-block__container\">\n                                                                                                                                    <div class=\"wp-component-image__wrapper wp-block-one-column-block__image fade-in\">\n                    <figure class=\"wp-component-image__figure\">\n                                            <img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"800\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1.jpg.webp\" class=\"wp-component-image\n                            wp-component-image--desktop\n                            wp-component-image--mobile\n                            wp-component-image--ratio-content-25-1 wp-component-image--fit-cover\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1.jpg.webp 1200w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1-300x200.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1-1024x683.jpg.webp 1024w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1-768x512.jpg.webp 768w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1-447x298.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/ws_labs_insights-1-219x146.jpg.webp 219w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/>                                                    <\/figure>\n                    <\/div>\n                                                                                <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-two-column-block edwp-block js-wp-block-two-column-block wp-block-two-column-block--content-1 wp-block-two-column-block__left--align-y-top wp-block-two-column-block__right--align-y-top wp-block-two-column-block--split-sidebar layout--none-top layout--spacing-xxxl-bottom\"\n    data-block-id=\"block_8a9357f48edae3805b952121ac4a670c\"\n    >\n    <div class=\"wp-block-two-column-block__container row-load\">\n                                                        <div class=\"wp-block-two-column-block__left\">\n                                    <div class=\"wp-component-authors-list wp-block-two-column-block__authors\">\n                    <p class=\"wp-component-authors-list__title\">\n                Authors            <\/p>\n        \n        <div class=\"wp-component-authors-list__items\">\n                                                <div class=\"wp-component-author-card \">\n    <div class=\"wp-component-author-card__media\">\n                    <span class=\"wp-component-author-card__photo-placeholder\" aria-hidden=\"true\">\n                <svg viewBox=\"0 0 64 64\" role=\"presentation\" focusable=\"false\">\n                    <path d=\"M32 34c-8.1 0-14.7 6.6-14.7 14.7v3.5h29.4v-3.5C46.7 40.6 40.1 34 32 34z\"><\/path>\n                    <path d=\"M32 31.2c6 0 10.9-4.9 10.9-10.9S38 9.4 32 9.4s-10.9 4.9-10.9 10.9S26 31.2 32 31.2z\"><\/path>\n                <\/svg>\n            <\/span>\n            <\/div>\n    <div class=\"wp-component-author-card__content\">\n                    <h3 class=\"wp-component-author-card__name\">Tim West<\/h3>\n        \n                \n            <\/div>\n\n<\/div>\n\n                                                                <div class=\"wp-component-author-card \">\n    <div class=\"wp-component-author-card__media\">\n                    <img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2.jpg.webp\" class=\"wp-component-author-card__photo\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2.jpg.webp 1080w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-300x300.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-1024x1024.jpg.webp 1024w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-150x150.jpg.webp 150w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-768x768.jpg.webp 768w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-447x447.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-700x700.jpg.webp 700w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/Mohammad-Kazem-Hassan-Nejad_WithSecure_2-146x146.jpg.webp 146w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/>            <\/div>\n    <div class=\"wp-component-author-card__content\">\n                    <h3 class=\"wp-component-author-card__name\">Mohammad Kazem Hassan Nejad<\/h3>\n        \n                    <p class=\"wp-component-author-card__meta\">\n                Senior Threat Intelligence Researcher, WithSecure            <\/p>\n                \n            <\/div>\n\n<\/div>\n\n                                    <\/div>\n\n            <\/div>\n    <div class=\"wp-component-column-cta wp-block-two-column-block__cta wp-block-two-column-block__hide-mobile\">\n                    <p class=\"wp-component-column-cta__title js-column-cta-nav-title\">\n                Download report\/s            <\/p>\n        \n        <div class=\"wp-component-column-cta__items\">\n                            <div class=\"wp-component-column-cta__item\">\n                    \n                                            <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"wp-component-button btn btn--primary\" href=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/W_Intel_Research_KeePass_Trojanised_Malware_Campaign.pdf\">Download report<svg class='edwp-icon edwp-icon--reg button-icon js-icon ' aria-hidden='true'>\n                <use xlink:target=\"_blank\" rel=\"noopener noreferrer\" href='#download'><\/use>\n            <\/svg><\/a>                                    <\/div>\n                    <\/div>\n    <\/div>\n<section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--disable-container wp-block-two-column-block__share wp-block-two-column-block__hide-mobile wp-block-two-column-block__share wp-block-two-column-block__hide-mobile\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    Share this story                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a\n            href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/&#038;title=KeePass%20trojanised%20in%20advanced%20malware%20campaign\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link\"\n            title=\"Auf LinkedIn teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a\n            href=\"http:\/\/x.com\/share?text=KeePass trojanised in advanced malware campaign&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link wp-component-socials__link--twitter\"\n            title=\"Auf X (Twitter) teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n                <\/div>\n                                                <div class=\"wp-block-two-column-block__right\">\n                                <div class=\"wp-component-paragraph wp-block-two-column-block__paragraph \">\n    <h2>In 2025, WithSecure discovered a trojanised, and signed version of the open-source password manager\u00a0<b>KeePass<\/b>, used to deliver malware and exfiltrate credentials.<\/h2>\n<p>Named\u00a0<b>KeeLoader<\/b>, this modified installer was signed with trusted certificates and distributed via\u00a0<b>malvertising<\/b>\u00a0and\u00a0<b>typo-squat domains t<\/b>o victims across Europe.<\/p>\n<p>In this campaign, KeePass\u2019s actual\u00a0<b>source code was altered<\/b>, allowing attackers to steal user credentials and deploy\u00a0<b>Cobalt Strike beacons<\/b>\u00a0for deeper network access. This marks growing sophistication in attacker tradecraft \u2014blending watering-hole style attacks with credential theft and post-exploitation tools.<\/p>\n<p>The operation is linked to a\u00a0<b>prolific Initial Access Broker<\/b>, likely historically connected to (now seemingly defunct)\u00a0<b>BlackBasta<\/b>\u00a0ransomware, and highlights the growing sophistication of \u201cas-a-service\u201d cybercrime models.<\/p>\n<p>This case underscores the risks of trusted software being hijacked and weaponised. It calls for stronger software integrity checks, better ad platform oversight, and enhanced detection of stealthy loaders.<\/p>\n<p>Download the full research paper here, which offers technical analysis, indicators of compromise, and actionable defense guidance.<\/p>\n<\/div>\n    <div class=\"wp-component-column-cta wp-block-two-column-block__cta wp-block-two-column-block__mobile-after-right\">\n                    <p class=\"wp-component-column-cta__title js-column-cta-nav-title\">\n                Download report\/s            <\/p>\n        \n        <div class=\"wp-component-column-cta__items\">\n                            <div class=\"wp-component-column-cta__item\">\n                    \n                                            <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"wp-component-button btn btn--primary\" href=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/W_Intel_Research_KeePass_Trojanised_Malware_Campaign.pdf\">Download report<svg class='edwp-icon edwp-icon--reg button-icon js-icon ' aria-hidden='true'>\n                <use xlink:target=\"_blank\" rel=\"noopener noreferrer\" href='#download'><\/use>\n            <\/svg><\/a>                                    <\/div>\n                    <\/div>\n    <\/div>\n<section\n    class=\"wp-block-sharing-icons edwp-block wp-block-sharing-icons--disable-border wp-block-sharing-icons--disable-container wp-block-two-column-block__share wp-block-two-column-block__mobile-after-right wp-block-two-column-block__share wp-block-two-column-block__mobile-after-right\"\n    >\n    <div class=\"wp-block-sharing-icons__container\">\n        <div class=\"wp-block-sharing-icons__inner\">\n                            <p class=\"wp-block-sharing-icons__title fade-in\">\n                    Share this story                <\/p>\n                        <div class=\"wp-component-socials wp-component-socials--dark-mode\">\n    \n            <a\n            href=\"https:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/&#038;title=KeePass%20trojanised%20in%20advanced%20malware%20campaign\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link\"\n            title=\"Auf LinkedIn teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#linkedin'><\/use>\n            <\/svg>        <\/a>\n    \n            <a\n            href=\"http:\/\/x.com\/share?text=KeePass trojanised in advanced malware campaign&#038;url=https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/\"\n            target=\"_blank\"\n            rel=\"noreferer noopener\"\n            class=\"wp-component-socials__link wp-component-socials__link--twitter\"\n            title=\"Auf X (Twitter) teilen\"\n        >\n            <svg class='edwp-icon edwp-icon--xlg js-icon ' aria-hidden='true'>\n                <use xlink:href='#x'><\/use>\n            <\/svg>        <\/a>\n    \n    \n    <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n                <\/div>\n                        <\/div>\n<\/section>\n\n\n<section\n    class=\"wp-block-cta-banner edwp-block js-wp-block-cta-banner wp-block-cta-banner--style-icon wp-block-cta-banner--no-image layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-cta-banner__container\">\n        <div class=\"wp-block-cta-banner__box row-load\">\n            <div class=\"wp-component-content wp-component-content--help-text wp-component-content--dark wp-block-cta-banner__content\">\n                        <div class=\"wp-component-content__inner\">\n                <h2 class=\"wp-component-heading text--h2 wp-component-heading--dark wp-component-content__title\">\n    What <span class=\"blue-text\">next?<\/span><\/h2>                                    <div class=\"wp-component-content__content wysiwyg wysiwyg--dark\">\n                        <div class=\"wp-component-paragraph wp-component-paragraph--dark\">\n    <p class=\"text--p-medium\">Discover WithSecure\u2122 Elements Exposure Management.<br \/>\n&#8211; No credit card required. No obligations.No complexity.<\/p>\n<\/div>\n                    <\/div>\n                            <\/div>\n                            <div class=\"wp-component-content__buttons\">\n                <a class=\"wp-component-button btn btn--primary btn--dark\" href=\"https:\/\/www.withsecure.com\/en\/contact-us\/\">Contact us<\/a>            <\/div>\n                <\/div>                    <\/div>\n    <\/div>\n<\/section>\n\n\n\n\n<section\n    class=\"wp-block-cards edwp-block wp-block-cards--col-3 js-wp-block-cards wp-block-cards--show-overflow wp-block-cards--auto-slides-per-view layout--spacing-xxxl-top layout--spacing-xxxl-bottom\"\n    >\n    <div class=\"wp-block-cards__container\">\n        <div class=\"wp-component-content wp-component-content--default wp-block-cards__content\">\n            <h2 class=\"wp-component-heading text--h2 wp-component-content__title\">\n    Related <span class=\"blue-text\">Labs content<\/span><\/h2>                    <div class=\"wp-component-content__inner\">\n                                    <div class=\"wp-component-content__content wysiwyg\">\n                        <div class=\"wp-component-paragraph \">\n    <p class=\"text--p-medium\"><span data-teams=\"true\">Find related content relating to this topic.<\/span><\/p>\n<\/div>\n                    <\/div>\n                                                            <\/div>\n                <\/div>                            <div\n                class=\"swiper wp-block-cards__swiper js-wp-block-cards-swiper\"\n                data-slides-per-view-desktop=\"auto\"\n                data-slides-per-view-tablet=\"auto\"\n                data-slides-per-view-mobile=\"auto\"\n            >\n                <div class=\"swiper-wrapper wp-block-cards__swiper-wrapper row-load\">\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card wp-component-card-insight--highlighted\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/Labs<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Threat intelligence<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">DarkGate Rises: New version of DarkGate malware hunts like a Duck but bites like a RAT<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Source: https:\/\/labs.withsecure.com\/publications\/darkgate-rises<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary btn--dark wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/darkgate-rises\/\">Mehr erfahren<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/Labs<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Threat intelligence<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">Reverse engineering a Lumma infection<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Lumma is an information stealer that the WithSecure Detection and Response Team (DRT) have encountered several times. It has seen wider use over the past couple of years, and makes for an interesting threat to monitor.<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/reverse-engineering-a-lumma-infection\/\">Mehr erfahren<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                            <div class=\"swiper-slide wp-block-cards__slide\">\n                            <div class=\"wp-component-card-insight wp-block-cards__card\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img loading=\"lazy\" decoding=\"async\" width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp\" class=\"wp-component-card-insight__image\" alt=\"\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder.jpg.webp 618w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-300x214.jpg.webp 300w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-447x318.jpg.webp 447w, https:\/\/www.withsecure.com\/wp-content\/smush-webp\/2026\/05\/placeholder-205x146.jpg.webp 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/Labs<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">AI security<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Attack Detection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">Machine learning-driven malware analysis<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">With the rapid emergence of new malware variants, accurately classifying and attributing malware samples has become more challenging than ever<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/machine-learning-driven-malware-analysis\/\">Mehr erfahren<\/a>            <\/div>\n            <\/div>\n<\/div>                        <\/div>\n                                    <\/div>\n                <div class=\"wp-block-cards__nav fade-in\">\n                    <div class=\"wp-block-cards__pagination js-wp-block-cards-pagination\">\n                    <\/div>\n                    <div class=\"wp-block-cards__nav-arrow js-wp-block-cards-nav-prev\">\n                        <svg class='edwp-icon edwp-icon--reg js-icon ' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                    <\/div>\n                    <div class=\"wp-block-cards__nav-arrow js-wp-block-cards-nav-next\">\n                        <svg class='edwp-icon edwp-icon--reg js-icon ' aria-hidden='true'>\n                <use xlink:href='#chevron'><\/use>\n            <\/svg>                    <\/div>\n                <\/div>\n            <\/div>\n                                    <\/div>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Named KeeLoader, this modified installer was signed with trusted certificates and distributed via malvertising and typo-squat domains to victims across Europe.<\/p>\n","protected":false},"author":3,"featured_media":0,"template":"","categories":[311,312],"labs_content_type":[348],"class_list":["post-10375","lab_item","type-lab_item","status-publish","hentry","category-software-protection","category-threat-intelligence"],"acf":[],"card":"<div class=\"wp-component-card-insight js-card-link wp-component-card-insight--highlighted\">\n    <div class=\"wp-component-card-insight__image-wrapper\">\n        <img width=\"618\" height=\"440\" src=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg\" class=\"wp-component-card-insight__image\" alt=\"\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder.jpg 618w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-300x214.jpg 300w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-447x318.jpg 447w, https:\/\/www.withsecure.com\/wp-content\/uploads\/2026\/05\/placeholder-205x146.jpg 205w\" sizes=\"auto, (max-width: 618px) 100vw, 618px\" \/>                    <p class=\"wp-component-card-insight__content-type\">W\/Labs<\/p>\n            <\/div>\n    <div class=\"wp-component-card-insight__content\">\n                    <div class=\"wp-component-card-insight__meta\">\n                <div class=\"wp-component-card-insight__categories\">\n                                            <span class=\"wp-component-card-insight__category\">Software Protection<\/span>\n                                            <span class=\"wp-component-card-insight__category\">Threat intelligence<\/span>\n                                    <\/div>\n            <\/div>\n                            <h3 class=\"wp-component-card-insight__title\">KeePass trojanised in advanced malware campaign<\/h3>\n                                            <p class=\"wp-component-card-insight__desc\">Named KeeLoader, this modified installer was signed with trusted certificates and distributed via malvertising and typo-squat domains to victims across Europe.<\/p>\n                            <div class=\"wp-component-card-insight__button-wrapper\">\n                <a class=\"wp-component-button btn btn--primary btn--dark wp-component-card-insight__button btn--small\" href=\"https:\/\/www.withsecure.com\/de\/ressourcen\/w-labs\/keepass-trojanised-in-advanced-malware-campaign\/\">Mehr erfahren<\/a>            <\/div>\n            <\/div>\n<\/div>","_links":{"self":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/lab_item\/10375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/lab_item"}],"about":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/types\/lab_item"}],"author":[{"embeddable":true,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/users\/3"}],"wp:attachment":[{"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/media?parent=10375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/categories?post=10375"},{"taxonomy":"labs_content_type","embeddable":true,"href":"https:\/\/www.withsecure.com\/de\/wp-json\/wp\/v2\/labs_content_type?post=10375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}