Trojanized Windows

In a massive supply chain attack, malware-infected Windows and macOS apps have infiltrated the widely used cloud-based communications system 3CX. Upon installation, these trojanized apps create a backdoor into the system, leaving the environment open to further cyberattacks.

The attack demonstrates how threat groups can move intelligence around stealthily without alerting any party involved. All of the apps were signed with a legitimate digital signature, making the attack difficult to detect. A digital signature is the standard mechanism used to prove the authenticity of code by verifying that it comes from the actual developer; a valid signature therefore tells you who signed a file, not whether that file is safe.

The attack was discovered after thousands of users were hit with ads and malicious payloads on the internal web panel as well as on the web, mobile and desktop apps. Once the malicious scripts had gained a foothold, the attackers went on to access sensitive information such as usernames, passwords and tokens. They then used this access to download further malicious apps from GitHub, which let them spread the malicious payload to 3CX users and hijack their systems.

It is likely the trojanized apps penetrated the software system by exploiting a remote code execution vulnerability, a class of flaw that enables attackers to execute arbitrary code on victims' machines. The vulnerability has been present in 3CX for some time and was only recently patched.

In an effort to avoid further attacks, users have been advised to scan their systems with reliable antivirus solutions and to ensure they are running the latest versions of all software, a practice known as "patching". 3CX is also said to be revoking the compromised digital signatures and redeploying patched versions of all of its applications to protect its users' data.
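The two points above, that a valid signature only identifies the signer and that compromised signing certificates get revoked, can be turned into a simple defender-side check. The following PowerShell function is an added example, not code from the article or from 3CX: it records each binary's Authenticode status, signer, certificate thumbprint and SHA-256 so the result can be compared against an allowlist of expected signers and a list of revoked thumbprints. The signer subject, the revoked thumbprint list and the file path are placeholders that an administrator would fill in from the vendor's own advisory.

```powershell
# Added example (not from the article): inventory signature details of candidate
# binaries so that "signed" is not mistaken for "trusted". $ExpectedSigners and
# $RevokedThumbprints are placeholders to be populated from the vendor advisory.
function Get-SignedBinaryReport {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string[]]$ExpectedSigners   = @('CN=PLACEHOLDER-VENDOR-SUBJECT'),   # placeholder
        [string[]]$RevokedThumbprints = @('PLACEHOLDER-REVOKED-THUMBPRINT')  # placeholder
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Path = $file; Status = 'Missing'; Signer = $null
                               Thumbprint = $null; SHA256 = $null; Verdict = 'SKIP: file not found' }
            continue
        }
        # Authenticode status (Valid, NotSigned, HashMismatch, ...) and signer certificate.
        $sig  = Get-AuthenticodeSignature -FilePath $file
        $cert = $sig.SignerCertificate
        # SHA-256 for comparison with vendor-published known-good hashes.
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash

        if ($sig.Status -ne 'Valid') {
            $verdict = "REVIEW: signature status is $($sig.Status)"
        } elseif ($RevokedThumbprints -contains $cert.Thumbprint) {
            $verdict = 'REVIEW: signed with a revoked certificate'
        } elseif ($ExpectedSigners -notcontains $cert.Subject) {
            $verdict = 'REVIEW: valid signature but unexpected signer'
        } else {
            # A valid signature from the expected signer still only proves origin;
            # the hash must still be checked against the vendor's published values.
            $verdict = 'OK: expected signer; compare SHA256 with published hashes'
        }

        [pscustomobject]@{
            Path = $file; Status = $sig.Status; Signer = $cert.Subject
            Thumbprint = $cert.Thumbprint; SHA256 = $hash; Verdict = $verdict
        }
    }
}

# Usage (placeholder path): point at the installed desktop app binaries.
Get-SignedBinaryReport -Path "$env:ProgramFiles\PLACEHOLDER-APP\app.exe" | Format-Table -AutoSize
```

Any row marked REVIEW is a candidate for the antivirus scan and reinstall from a patched vendor build recommended above, rather than proof of compromise on its own.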

This incident serves as a wake-up call to companies and individuals alike, reminding them how important it is to protect themselves against malicious attacks of this kind. Cyberattacks are becoming more sophisticated and more frequent, and security practices must keep pace if we want to keep our data safe.
