Connect with us

Hi, what are you looking for?



Supply Chain Attack Targets Customer Engagement Firm Comm100

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

As part of the attack, a trojanized Comm100 Live Chat installer signed with a valid Comm100 Network Corporation certificate on September 26 was distributed from the company’s website from at least September 27 until September 29, 2022. The vendor claims to have more than 15,000 customers across 51 countries.

“The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe,” CrowdStike says.

The Comm100 installer is an Electron application in which the attackers injected a JavaScript backdoor, within the main.js file of the embedded archive. When executed, the backdoor fetches and runs a second-stage script from an external resource.

The script’s obfuscated code contains a backdoor to harvest system information and to provide the attackers with remote shell functionality.

At the next stage, the attacker deployed additional payloads onto the compromised hosts, including a malicious loader DLL that decrypts and executes in memory a shellcode that injects an embedded payload into a new instance of notepad.exe.

CrowdStrike believes that the attack is the work of a China nexus threat actor that previously targeted various online gambling entities in Asia, despite differences in the delivered payload, in the target scope and the supply chain attack mechanism.

Advertisement. Scroll to continue reading.

“Despite these differences, CrowdStrike Intelligence assesses that the actor responsible for previously identified online gambling targeting is also likely responsible for these recent incidents,” the cybersecurity firm says.

An updated Comm100 installer has been released to remove the malicious code and all Comm100 customers are advised to download and install the latest version of the application.

Comm100 appears to be investigating the incident, but has not shared any information on the attack. SecurityWeek has emailed the company for clarification on the incident and will update the article as soon as a reply arrives.

Related: Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

Related: The Vulnerable Maritime Supply Chain – a Threat to the Global Economy

Related: Software Supply Chain Attacks Tripled in 2021: Study

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.