Reminder: don't trust password managers...
Backdoored password manager stole data
As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server. Bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers.
Also: antivirus software is useless. What a surprise.
First-stage payloads uploaded to VirusTotal here and here showed that at the time this post was going live, none of the 68 tracked endpoint protection programs detected the malware. Researchers so far have been unable to obtain samples of the follow-on payload.