Security News > 2022 > October > Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.
Because the trojanized installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack.
CrowdStrike observed post-compromise activity such as deploying malicious loaders that use the DLL order-hijacking technique to load the payload from within the context of legitimate Windows processes like "Notepad.exe", running directly from memory.
Crowdstrike attributes the attack with medium confidence to China-based threat actors and, more specifically, a cluster that was previously seen targeting Asian online gambling entities.
Users are strongly recommended to immediately update the Live Chat application.
Yesterday, the Canadian Center for Cybersecurity published an alert about the incident to help raise awareness among organizations that may use a trojanized version of the Comm100 Live Chat product.
News URL
Related news
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)
- Australian Police conducted supply chain attack on criminal collaborationware (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)