SecurityWeek


Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp.

Threat hunters at CrowdStrike and SentinelOne are tracking what is believed to be an active supply chain attack hitting businesses using a desktop app distributed by video conferencing software firm 3CX.

CrowdStrike’s threat intelligence team sounded the alarm on Wednesday after observing unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp.

“The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” the company warned.

“At time of writing, activity has been observed on both Windows and macOS,” CrowdStrike said.

The 3CXDesktopApp, available for Windows, macOS, Linux and mobile, is used by 3CX customers to make calls, view the status of colleagues, chat, schedule a video conference and check voicemails from the desktop software.

CrowdStrike believes the attacks are the work of a North Korean government hacker group and urged 3CX customers to immediately start hunting for signs of infections.

3CX has not yet publicly acknowledged the issue, but CrowdStrike says it has been in touch with the VoIP software company to share its findings.

On the 3CX user forums, customers are reporting warnings from both CrowdStrike and SentinelOne anti-malware products about command execution and code injection attacks targeting the 3CX product.


UPDATE: Additional information has come to light. 3CX has confirmed being targeted in a supply chain attack and researchers have found a Mac version of the malware.

Editor’s Note: This is a developing story. We will provide updates as new information becomes available.

Related: Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

Related: Mandiant Catches Another North Korean Gov Hacker Group

Related: Supply Chain Attack Targets Customer Engagement Firm Comm100

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
