Trojanized Windows

In a recent security incident, users of 3CX, a software that allows small-to-medium businesses to deploy a VoIP (Voice over IP) telephone system on computers or in the cloud, were targeted by hackers who used a supply chain attack to deliver trojanized versions of the 3CX software to unsuspecting victims.

In this attack, the hackers had infiltrated a third-party developer who had been contracted by 3CX to create Windows and Mac versions of their VoIP software. Instead of creating legitimate, working versions of the software, the hackers – using what is known as a “Trojan Horse” attack – inserted malicious code within the software, unbeknownst to the users. This malicious code was designed to allow malicious actors to gain covert access to the user’s computer or network, and use it to spy on their data, or even sabotage their systems.

When 3CX users download the trojanized versions of their software, they may not even notice at first that their systems are compromised. However, this type of attack can lead to significant damage, as the malicious actor can do things such as steal the user’s personal data or manipulate their systems for their own benefit. The malicious code can then spread to other parts of the user’s network, allowing the hacker greater access to information and resources.

Fortunately, 3CX users who have adopted their newest version of the software, available as of November 2020, have not been affected by this attack. That version comes with new security improvements, such as tighter control over access to the software and improved visibility for IT teams overseeing the system’s operations.

It is important for 3CX users to be aware of the risks associated with supply chain attacks and other forms of malware, and to ensure that they are using the most up-to-date versions of the software. Additionally, users should continue to monitor their systems for any suspicious activities, and should report any security incidents they observe to their IT administrators as soon as possible.