Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

A threat actor likely with associations to China has been linked to a new supply chain attack that uses a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor.
Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website.
Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises.
Supply chain compromises, like those of SolarWinds and Kaseya, are becoming an increasingly lucrative strategy for threat actors, who target a widely used software provider to gain a foothold in the networks of downstream customers.
CrowdStrike has tied the attack with moderate confidence to an actor with a China nexus based on the presence of Chinese-language comments in the malware and the targeting of online gambling entities in East and Southeast Asia, an already established area of interest for China-based intrusion actors.
The name of the adversary was not disclosed by CrowdStrike, but the TTPs point in the direction of a threat actor called Earth Berberoka, which earlier this year was found using a fake chat app called MiMi in its attacks against the gambling industry.
News URL
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html