Trojanized version of 3CX Desktop infects computers around the world

3CXDesktopApp is a desktop client of the 3CX voice over IP (VoIP) system. The application allows users to communicate inside and outside the organization through their desktop or laptop.


What happened?

In recent days there has been a lot of evidence that a Trojanized version of the original 3CXDesktopApp desktop client is being downloaded to the computers of unsuspecting users around the world. The Trojanized version includes a malicious DLL file, which replaced the original one known to come with the benign version of the application. Then, when the application is loaded, the signed 3CXDesktopApp executes the malicious DLL as part of its default execution process.

This turned the innocent, popular VoIP application into full-fledged malware that communicates with remote servers and is capable of running second-stage malware.

Supply chain literally!

This is a classic supply chain attack, although there is no evidence of any tampering with the 3CXDesktopApp source code. And yet, no one expected it to function as a malicious implant.

This proves that legitimate tools can be turned into weapons.

The key layer of cyber protection is identifying malicious tools and behaviors before they can strike. Security vendors invest significant resources in researching and mapping malware types and families and their attribution to specific threat actors and associated campaigns, while also identifying TTPs (Tactics, Techniques and Procedures) that inform the right security cycles and security policy.

To combat sophisticated cybersecurity solutions, threat actors are developing and refining their attack techniques, which are becoming less dependent on custom malware and moving toward the use of non-signature tools.

Protection

Supply chain attacks are one of the most complex forms of attack. Security vendors cannot rely solely on reputation-based or single-tier solutions. They need to question the activity seen on the network, endpoints and servers, and connect the dots.
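
The point above, as an added example that is not from the original article or from Check Point: a verdict based only on the executable's signature passes a trojanized client, while correlating module loads against a known-good baseline with the process's network activity flags it. The application name, event fields, hashes and hostnames are constructed placeholders, and the baseline and expected-destination lists are assumptions.

```python
"""Added illustration: reputation-only verdict vs. correlated endpoint + network telemetry.
All events, hashes and hostnames below are constructed placeholders, not real indicators."""
from collections import defaultdict

# Known-good module hashes per application, e.g. taken from a vetted installer (assumption).
BASELINE = {"voipclient.exe": {"media.dll": "HASH_GOOD_MEDIA", "ui.dll": "HASH_GOOD_UI"}}
# Destinations the application is expected to contact (assumption).
EXPECTED_HOSTS = {"voipclient.exe": {"pbx.corp.example"}}

EVENTS = [  # constructed telemetry: two hosts running the same signed client
    {"host": "ws-01", "type": "process", "image": "voipclient.exe", "signed": True},
    {"host": "ws-01", "type": "module", "image": "voipclient.exe",
     "module": "media.dll", "sha256": "HASH_GOOD_MEDIA"},
    {"host": "ws-01", "type": "net", "image": "voipclient.exe", "dest": "pbx.corp.example"},
    {"host": "ws-02", "type": "process", "image": "voipclient.exe", "signed": True},
    {"host": "ws-02", "type": "module", "image": "voipclient.exe",
     "module": "media.dll", "sha256": "HASH_UNKNOWN_1"},
    {"host": "ws-02", "type": "net", "image": "voipclient.exe", "dest": "pbx.corp.example"},
    {"host": "ws-02", "type": "net", "image": "voipclient.exe", "dest": "updates.unknown.example"},
]

def reputation_only(events):
    """Single-tier check: trust any process whose executable is signed."""
    return {e["host"]: "trusted" if e["signed"] else "suspicious"
            for e in events if e["type"] == "process"}

def correlate(events):
    """Combine module-load and network events per (host, image) into findings."""
    findings = defaultdict(list)
    for e in events:
        key = (e["host"], e["image"])
        if e["type"] == "module":
            known = BASELINE.get(e["image"], {}).get(e["module"])
            if known != e["sha256"]:  # also true when the module is not in the baseline
                findings[key].append(f"module {e['module']} differs from baseline")
        elif e["type"] == "net":
            if e["dest"] not in EXPECTED_HOSTS.get(e["image"], set()):
                findings[key].append(f"unexpected destination {e['dest']}")
    # Either signal alone merits triage; escalate when both hit the same process.
    return {k: v for k, v in findings.items()
            if any(f.startswith("module") for f in v)
            and any(f.startswith("unexpected") for f in v)}

if __name__ == "__main__":
    print(reputation_only(EVENTS))
    for (host, image), why in correlate(EVENTS).items():
        print(host, image, why)
```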

More information at 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point Customers Remain Protected – Check Point Software

Written by newsbot
