Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Attack Against 3CXDesktopApp: What You Need to Know

            Created by Daniel Kauffer, Modified on Wed, 12 Apr 2023 at 12:00 PM by Daniel Kauffer

            3CXDesktopApp has fallen victim to a supply chain attack that has compromised some of its versions. 

            The attack involved hackers gaining unauthorized access to the software, signing and distributing it with malicious code, resulting in trojanization of the affected versions. As a result, the malware has been beaconing to command-and-control (C2) servers and deploying additional payloads such as information-stealing malware. In some cases, it even involves hands-on keyboard activity.



            Affected Versions

            Versions of the 3CX Desktop App affected on Windows include 18.12.407 and 18.12.416, while versions affected on Mac include 18.11.1213, 18.12.402, 18.12.407, and 18.12.416.



            What This Means

            The trojanized 3CX Desktop App allows hackers to access a user's system information such as hostname, domain name, operating system information, and browser history information from popular browsers like Brave, Chrome, Edge, and Firefox. Additionally, the malware has a 7-day delay before reaching out to external C2 servers, making it difficult to detect.


            What to Look for

            Users should check if their software version is among those affected by the supply chain attack. If it is, it's important to take immediate action to mitigate the damage.


            Mitigation

            3CX is urging all affected users to uninstall the software and use the Progressive Web App (PWA) Client as an alternative. It's also advisable to check for published Indicators of Compromise (IOCs) and malicious activity. For more information on IOCs, CrowdStrike and Sentinel One provide comprehensive guides on their websites.


            What to Do

            If you have used one of the affected software versions, it's essential to uninstall the software immediately and take the necessary measures to protect your system. Users should also monitor their systems for suspicious activity and promptly report any unusual activity to their IT department.


            Conclusion

            The supply chain attack against 3CX Desktop App is a reminder that cybercriminals are continually evolving their tactics to breach systems. Companies must prioritize their cybersecurity measures to safeguard their systems against such attacks. Users should remain vigilant and take necessary precautions to prevent falling victim to cyber-attacks.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0