3CXDesktopApp has fallen victim to a supply chain attack that has compromised some of its versions.
The attackers gained unauthorized access to the software and distributed signed builds containing malicious code, trojanizing the affected versions. The malware beacons to command-and-control (C2) servers and deploys additional payloads such as information-stealing malware. In some cases, the intrusion has also involved hands-on-keyboard activity.
Affected Versions
Versions of the 3CX Desktop App affected on Windows include 18.12.407 and 18.12.416, while versions affected on Mac include 18.11.1213, 18.12.402, 18.12.407, and 18.12.416.
What This Means
The trojanized 3CX Desktop App allows hackers to access a user's system information such as hostname, domain name, operating system information, and browser history information from popular browsers like Brave, Chrome, Edge, and Firefox. Additionally, the malware has a 7-day delay before reaching out to external C2 servers, making it difficult to detect.
What to Look for
Users should check if their software version is among those affected by the supply chain attack. If it is, it's important to take immediate action to mitigate the damage.
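The version check above can be run across a whole software inventory. The following is an added example, not code from 3CX or from the original article: it flags hosts running a version listed under Affected Versions and applies the 7-day delay to work out from when network logs should be reviewed for C2 traffic. The CSV column names, hostnames and dates are constructed, and counting the delay from the install time is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta

# Affected versions as listed in this article, keyed by platform.
AFFECTED = {
    "windows": {"18.12.407", "18.12.416"},
    "mac": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}
BEACON_DELAY = timedelta(days=7)  # delay before first C2 contact, per this article

# Constructed sample inventory export (hosts, dates and column names are made up).
SAMPLE_INVENTORY = """host,platform,version,installed
ws-001,Windows,18.12.416,2023-03-20T09:15:00
ws-002,Windows,v18.12.407.0,2023-03-27T14:00:00
ws-003,Windows,18.11.1213,2023-03-01T08:00:00
mac-001,macOS,18.11.1213,2023-02-10T11:30:00
mac-002,Mac,18.12.422,2023-03-29T10:00:00
"""

def normalize_platform(name):
    name = name.strip().lower()
    return "mac" if name in ("mac", "macos", "os x", "darwin") else name

def normalize_version(raw):
    """Reduce strings such as 'v18.12.407.0' to 'major.minor.build'."""
    parts = raw.strip().lstrip("vV").split(".")
    return ".".join(p.lstrip("0") or "0" for p in parts[:3])

def triage(inventory_csv, now):
    """Return one finding per host running an affected version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        platform = normalize_platform(row["platform"])
        version = normalize_version(row["version"])
        if version not in AFFECTED.get(platform, set()):
            continue  # the match is per platform, as in the article's lists
        # Assumption: the 7-day delay is counted from the install time.
        earliest = datetime.fromisoformat(row["installed"]) + BEACON_DELAY
        # delay_elapsed=False only means C2 traffic is not expected in logs
        # yet; the host is still affected and still needs the uninstall.
        findings.append({"host": row["host"], "version": version,
                         "review_logs_from": earliest,
                         "delay_elapsed": now >= earliest})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, datetime(2023, 3, 30, 12, 0)):
        print(finding)
```

ws-003 is not flagged because 18.11.1213 appears only in the Mac list, and ws-002 is flagged even though its delay has not yet elapsed.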
Mitigation
3CX is urging all affected users to uninstall the software and use the Progressive Web App (PWA) Client as an alternative. It's also advisable to check for published Indicators of Compromise (IOCs) and malicious activity. For more information on IOCs, CrowdStrike and SentinelOne provide comprehensive guides on their websites.
What to Do
If you have used one of the affected software versions, it's essential to uninstall the software immediately and take the necessary measures to protect your system. Users should also monitor their systems for suspicious activity and promptly report any unusual activity to their IT department.
Conclusion
The supply chain attack against 3CX Desktop App is a reminder that cybercriminals are continually evolving their tactics to breach systems. Companies must prioritize their cybersecurity measures to safeguard their systems against such attacks. Users should remain vigilant and take necessary precautions to prevent falling victim to cyber-attacks.