3CXDesktopApp is a desktop client of the 3CX voice over IP (VoIP) system. The app allows to users to communicate inside and outside the organization via their desktop or laptop computer.
What happened;
In recent days there has been a lot of evidence that a Trojanized version of the original 3CXDesktopApp desktop client is being downloaded to the computers of unsuspecting users around the world. The Trojanized version includes a malicious DLL file, which replaced the original one known to come with the benign version of the application. Then, when the application is loaded, the signed 3CXDesktopApp executes the malicious DLL as part of its default execution process.
This turned the innocently popular VoIP application into a full-fledged malware that is transferred to remote servers and is capable of running second-stage malware.
Supply chain literally!
This is a classic attack chainof supply, although there is no evidence of any interference with the source code of 3CXDesktopApp. And yet, no one expected it to function as a malicious implant.
This proves that legal tools can be turned into weapons
The key layer of cyber protection is identifying malicious tools and behaviors before they can strike. Security vendors invest significant resources in researching and mapping malware types and families and their performance against specific threat actors and associated campaigns, while also identifying TTPs (Techniques, Tactics and Procedures) that inform the right security cycles and security policy .
To combat sophisticated cybersecurity solutions, threat actors are developing and refining their attack techniques, which are becoming less dependent on the use of custom malware and moving toward the use of unsigned tools.
Protection
Supply chain attacks are one of the most complex forms of attack. Security vendors cannot rely solely on reputation-based or single-tier solutions. They need to question the activity as seen on the network, endpoints, servers and connect the dots.
More information at 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point Customers Remain Protected – Check Point Software
