Attack Against 3CXDesktopApp: What You Need to Know

Created by Daniel Kauffer, Modified on Wed, 12 Apr, 2023 at 12:00 PM by Daniel Kauffer

3CXDesktopApp has fallen victim to a supply chain attack that has compromised some of its versions. 

Hackers gained unauthorized access to the software, then signed and distributed it with malicious code, trojanizing the affected versions. The malware has been beaconing to command-and-control (C2) servers and deploying additional payloads such as information-stealing malware. In some cases, the intrusion has also involved hands-on-keyboard activity.



Affected Versions

Versions of the 3CX Desktop App affected on Windows include 18.12.407 and 18.12.416, while versions affected on Mac include 18.11.1213, 18.12.402, 18.12.407, and 18.12.416.



What This Means

The trojanized 3CX Desktop App gives hackers access to a user's system information, such as hostname, domain name, and operating system details, as well as browser history from popular browsers like Brave, Chrome, Edge, and Firefox. Additionally, the malware waits 7 days before reaching out to external C2 servers, which makes it difficult to detect.


What to Look for

Users should check if their software version is among those affected by the supply chain attack. If it is, it's important to take immediate action to mitigate the damage.
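
The version check above can be run across a whole fleet rather than one machine at a time. The following is an added example, not 3CX's or the author's code: it triages a software inventory export against the per-platform version lists in this article. The CSV layout, hostnames, OS label prefixes, and the treatment of a trailing ".0" version component are assumptions.

```python
import csv
import io

# Affected versions exactly as listed in this article, per platform.
AFFECTED = {
    "windows": {"18.12.407", "18.12.416"},
    "mac": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}
# Assumption: OS label prefixes an inventory tool might emit.
OS_PREFIXES = {"win": "windows", "mac": "mac", "os x": "mac", "darwin": "mac"}

# Constructed sample export; hostnames and column layout are made up.
SAMPLE = """host,os,product,version
ws-01,Windows 11,3CX Desktop App,18.12.416.0
ws-02,Windows 10,3CX Desktop App,18.12.402
mb-01,macOS 13,3CXDesktopApp,v18.12.402
kiosk-7,unknown,3CX Desktop App,18.11.1213
ws-03,Windows 11,Mozilla Firefox,111.0
"""

def normalize_version(raw):
    """Reduce 'v18.12.416' or '18.12.416.0' to the article's three-part form."""
    parts = raw.strip().lstrip("vV").split(".")
    # Assumption: a trailing fourth component of 0 is padding, not another build.
    while len(parts) > 3 and parts[-1] == "0":
        parts.pop()
    return ".".join(parts)

def platform_of(os_label):
    """Map a free-form OS label to 'windows' or 'mac'; None if unrecognised."""
    label = os_label.strip().lower()
    return next((p for pre, p in OS_PREFIXES.items() if label.startswith(pre)), None)

def triage(inventory_csv):
    """Return {host: verdict} for every 3CX row in the inventory."""
    verdicts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "3cx" not in row["product"].lower():
            continue
        version = normalize_version(row["version"])
        platform = platform_of(row["os"])
        if platform:
            hit = version in AFFECTED[platform]
            verdicts[row["host"]] = "affected" if hit else "not listed"
        else:
            # Unknown OS: match against both lists and leave it to a human.
            hit = any(version in vs for vs in AFFECTED.values())
            verdicts[row["host"]] = "review" if hit else "not listed"
    return verdicts
```

A "not listed" verdict only means the version does not appear in this article's list for that platform; it says nothing about whether the host shows other signs of compromise.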


Mitigation

3CX is urging all affected users to uninstall the software and use the Progressive Web App (PWA) Client as an alternative. It's also advisable to check for published Indicators of Compromise (IOCs) and malicious activity. For more information on IOCs, CrowdStrike and SentinelOne provide comprehensive guides on their websites.


What to Do

If you have used one of the affected software versions, it's essential to uninstall the software immediately and take the necessary measures to protect your system. Users should also monitor their systems for suspicious activity and promptly report any unusual activity to their IT department.


Conclusion

The supply chain attack against 3CX Desktop App is a reminder that cybercriminals are continually evolving their tactics to breach systems. Companies must prioritize their cybersecurity measures to safeguard their systems against such attacks. Users should remain vigilant and take necessary precautions to prevent falling victim to cyber-attacks.
