Security Experts:

Connect with us

Hi, what are you looking for?



Supply Chain Attack Targets Customer Engagement Firm Comm100

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

As part of the attack, a trojanized Comm100 Live Chat installer signed with a valid Comm100 Network Corporation certificate on September 26 was distributed from the company’s website from at least September 27 until September 29, 2022. The vendor claims to have more than 15,000 customers across 51 countries.

“The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe,” CrowdStike says.

The Comm100 installer is an Electron application in which the attackers injected a JavaScript backdoor, within the main.js file of the embedded archive. When executed, the backdoor fetches and runs a second-stage script from an external resource.

The script’s obfuscated code contains a backdoor to harvest system information and to provide the attackers with remote shell functionality.

At the next stage, the attacker deployed additional payloads onto the compromised hosts, including a malicious loader DLL that decrypts and executes in memory a shellcode that injects an embedded payload into a new instance of notepad.exe.

CrowdStrike believes that the attack is the work of a China nexus threat actor that previously targeted various online gambling entities in Asia, despite differences in the delivered payload, in the target scope and the supply chain attack mechanism.

“Despite these differences, CrowdStrike Intelligence assesses that the actor responsible for previously identified online gambling targeting is also likely responsible for these recent incidents,” the cybersecurity firm says.

An updated Comm100 installer has been released to remove the malicious code and all Comm100 customers are advised to download and install the latest version of the application.

Comm100 appears to be investigating the incident, but has not shared any information on the attack. SecurityWeek has emailed the company for clarification on the incident and will update the article as soon as a reply arrives.

Related: Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

Related: The Vulnerable Maritime Supply Chain – a Threat to the Global Economy

Related: Software Supply Chain Attacks Tripled in 2021: Study

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.