Supply chain attacks have become a major concern for businesses as cybercriminals increasingly find new ways to target their systems. The latest episode of such a supply chain attack has been seen with the Trojanized Windows and Mac apps specifically targeting users of 3CX, the cloud-based unified communications software.
According to security researchers, the attack was likely carried out by malicious actors who infected the company’s infrastructure in order to distribute maliciously modified versions of the 3CX app. The infected applications contained backdoors that gave attackers direct access to users’ systems, allowing them to steal valuable data and credentials.
The malicious apps included both Windows and Mac versions, hinting that the attackers had a good understanding of the company’s network and the way it operated. This allowed them to modify the executables in the 3CX application suite in order to insert malicious code and backdoors.
The malware found in the compromised apps was a trojan, which is a type of malicious software designed to open a backdoor on the victim’s computer for the attackers. This makes it difficult for antivirus and anti-malware products to detect and remove the malicious code.
Fortunately, 3CX users did not face any disruption or data theft due to the attack. The company was quick to patch up the vulnerability and take additional measures to secure its users from similar attacks in the future.
Overall, this attack serves as a reminder to businesses and users of the dangers of malicious software and the need for a strong defense against these threats. As cybercriminals become increasingly sophisticated in their operations, it is important to be mindful of the risks that malicious software poses and to take the necessary steps to protect against them.