Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack
A threat actor with likely ties to China has been linked to a new supply chain attack that uses a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor.
Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website.
Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises.
Supply chain compromises, like those of SolarWinds and Kaseya, are becoming an increasingly lucrative strategy for threat actors, who target a widely used software provider to gain a foothold in the networks of its downstream customers.
CrowdStrike has tied the attack with moderate confidence to an actor with a China nexus based on the presence of Chinese-language comments in the malware and the targeting of online gambling entities in East and Southeast Asia, an already established area of interest for China-based intrusion actors.
The name of the adversary was not disclosed by CrowdStrike, but the TTPs point in the direction of a threat actor called Earth Berberoka, which earlier this year was found using a fake chat app called MiMi in its attacks against the gambling industry.
News URL
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html