> The attack ... involved modifying and re-signing KeePass installers with trusted certificates to deliver a custom malware loader ... The infection chain began with malvertising campaigns on popular search engines ... directing users to fraudulent download pages ...
I have my own issues with KeePass, but, to be fair, this was not a KeePass problem. It was a trust problem, starting with search ads and ending in tricking users to install a fake app.
If anything, threat actors "weaponized" irresponsible advertising.