Connect with us

Hi, what are you looking for?



JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.

Thousands of computers are at risk of complete takeover after hackers added a backdoor to the installer for the Justice AV Solutions (JAVS) Viewer software, Rapid7 warned in an advisory.

According to Rapid7, the hackers injected a backdoor in the JAVS Viewer v8.3.7 installer that is being distributed directly from JAVS’ official servers.

“This version contains a backdoored installer that allows attackers to gain full control of affected systems. Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials,” Rapid7 added.

The backdoored installer had been distributed through the official servers for months and was initially discovered by security firm S2W, which identified the malware being deployed in this attack, namely GateDoor (part of the RustDoor malware family) in February.

Once the malware is dropped on the user’s computers, it provides the attackers with full control over the machines.

“Justice AV Solutions Viewer Setup contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands,” according to a NIST advisory that identifies the issue as CVE-2024-4978 (CVSS score of 8.7).

Rapid7 identified two malicious JAVS Viewer packages on the vendor’s server and discovered that the certificate used to sign them was issued on February 10.

Although the first report of the official JAVS downloads page serving malware emerged in early April, it is unclear if the vendor was notified at the time.

Advertisement. Scroll to continue reading.

The cybersecurity firm recommends that users update to JAVS Viewer version 8.3.8, which no longer contains the malicious code.

Rapid7 also underlines that users need to re-imagine their computers to ensure that the backdoor has been removed, as simply updating the Viewer does not clean the system, and to reset the credentials for all accounts they were logged into on the infected machines.

“Completely re-imaging affected endpoints and resetting associated credentials is critical to ensure attackers have not persisted through backdoors or stolen credentials. All organizations running JAVS Viewer 8.3.7 should take these steps immediately to address the compromise,” Rapid7 added.

Part of JAVS Suite, which provides audio and video recording and management capabilities for courtroom environments, the Viewer allows users to open media and log files and runs with high system privileges.

A US-based company, JAVS says its software is used in courtrooms, jury rooms, prison facilities, and council, hearing, and lecture rooms, and has more than 10,000 installations worldwide.

Related: Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors

Related: State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

Related: Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights