Popular softphone weaponised in supply chain attack

Date: 2023-03-31


Uninstall 3CX Electron, switch to web version.

Business telephony vendor 3CX is warning users of its softphone to uninstall the software and switch to its equivalent web app, following what it calls a supply-chain attack.

CEO Nick Galea posted that the malware “affects the Windows Electron client for customers running update 7.”

“It was reported to us [last] night and we are working on an update to the DesktopApp which we will release in the coming hours,” he wrote.

“We strongly recommend using our PWA client instead. It really does 99 percent of the client app and is fully web-based and this type of thing can never happen.”

Galea also said that Windows Defender users will already have noticed the app has been uninstalled.

The malware was discovered independently by SentinelOne and CrowdStrike.

SentinelOne said it first noticed malicious activity originating from the 3CX software on March 22.

“The trojanised 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from GitHub and ultimately leads to a third stage infostealer DLL still being analysed as of the time of writing,” SentinelOne said.
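For defenders, the "ICO files appended with base64 data" detail suggests a simple triage check: compare an icon file's real length with the extents declared in its icon directory and look at whatever follows. The sketch below is an added example, not code from 3CX, SentinelOne or CrowdStrike; the function names and the sample icon are constructed for illustration, and it assumes only the standard ICO directory layout.

```python
import base64
import re
import struct

# A run of 16+ base64 alphabet characters, optionally padded.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def ico_trailing_data(blob: bytes) -> bytes:
    """Return the bytes that follow the last image declared in the ICO directory."""
    if len(blob) < 6:
        raise ValueError("too short for an ICONDIR header")
    reserved, kind, count = struct.unpack_from("<HHH", blob, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = 6 + 16 * count  # header plus directory entries
    if len(blob) < end:
        raise ValueError("truncated icon directory")
    for i in range(count):
        # ICONDIRENTRY: bytes 8-11 = image size, bytes 12-15 = image offset
        size, offset = struct.unpack_from("<II", blob, 6 + 16 * i + 8)
        end = max(end, offset + size)
    return blob[end:]

def triage(blob: bytes) -> dict:
    """Summarise what, if anything, sits past the declared image data."""
    tail = ico_trailing_data(blob)
    return {
        "trailing_bytes": len(tail),
        "base64_like": bool(B64_RUN.search(tail)),
    }

def build_ico(image: bytes) -> bytes:
    """Constructed one-image ICO; the image bytes are filler, not a real bitmap."""
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 1, 1, 0, 0, 1, 32, len(image), 22)
    return header + entry + image

# Constructed samples: a clean icon and the same icon with base64 text appended.
CLEAN = build_ico(b"\x00" * 40)
APPENDED = base64.b64encode(b"constructed sample payload, not real data")
TAMPERED = CLEAN + APPENDED

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, triage(blob))
```

Trailing bytes alone are not proof of compromise, since some tools pad or annotate icon files; a long base64 run after the last declared image is the part worth escalating.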

CrowdStrike said it observed similar behaviour on March 29.

The malicious activity, CrowdStrike said, emanated from “a legitimate, signed binary, 3CXDesktopApp”.

The activity “includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” it said.

“CrowdStrike Intelligence has assessed there is suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA,” the company said.

On its website, 3CX claims it has 600,000 business customers and 12 million daily users.

Copyright © iTnews.com.au. All rights reserved.