In the latest attack to hit the tech world, hundreds of thousands of unsuspecting users of the PBX app 3CX have downloaded trojanized Windows and Mac applications. These malicious downloads were distributed as part of a massive supply chain attack.
The attack was first discovered on November 23 when researchers at cyber security firm Check Point noticed malicious code in a legitimate auto-updater of the popular VoIP social network “3CX.” Once installed, the auto-updater gave attackers access to the compromised system and the ability to install malware and other malicious software.
It appears that the attackers had compromised the official download site and used it to deliver trojanized versions of the 3CX apps to unsuspecting customers. These malicious applications had extra code hidden inside them that allowed attackers to gain control of the system by establishing a remote connection.
It is unclear how many people have been affected by the attack, but Check Point reported that nearly 1.4 million people had downloaded the malicious auto-updater since February 2019.
The malicious downloader was allegedly part of a larger campaign, which started in September and includes several other legitimate sites and applications.
It appears that the attackers used a range of tactics, such as hiding malicious code inside the 3CX auto-updater and bundling other malicious programs with legitimate applications.
The attackers have not yet revealed their motives or what they are trying to achieve with this attack. However, such attacks typically aim to steal data or money, or to install ransomware.
Fortunately, it seems that 3CX has already identified the problem and is working on cleaning up all the malicious files. If you have downloaded the 3CX application recently, check that the latest version is the legitimate one by downloading it directly from the official site. As always, be on the lookout for suspicious files, downloads, and behaviors.