Maplesoft recently announced that its administrative database was breached on July 17, providing attackers with access to e-mail addresses, first and last names, and company and institution names. The company says no financial information was accessed.
"On the same day, the intruders reportedly started to send out bogus emails to customers on behalf of Maplesoft," The H Security reports. "The well-written English-language emails -- addressing customers by their actual first names -- asked recipients to install an alleged security update that affects all Maplesoft products. In some cases, the bogus patch was directly attached to the email as a password-protected ZIP archive called Maple_Patch.zip, which made it more difficult for virus scanners to detect. The archive contains a file called MapleFix.exe that appears to be a variant of the Zeus Trojan."
"Maplesoft takes the security of our customers’ and contacts’ personal information very seriously," Maplesoft CEO Jim Cooper said in a statement. "We are in the process of notifying all individuals whose information may have been compromised. We have locked down our systems to prevent further unauthorized access and we are reviewing our security practices and procedures to help ensure this does not happen again."
The company says all affected individuals have already been contacted directly. Customers with questions or concerns can contact Maplesoft Customer Service at (519) 747-2373.