Security News > 2022 > October > Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.
Because the trojanized installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack.
CrowdStrike observed post-compromise activity such as deploying malicious loaders that use the DLL order-hijacking technique to load the payload from within the context of legitimate Windows processes like "Notepad.exe", running directly from memory.
Crowdstrike attributes the attack with medium confidence to China-based threat actors and, more specifically, a cluster that was previously seen targeting Asian online gambling entities.
Users are strongly recommended to immediately update the Live Chat application.
Yesterday, the Canadian Center for Cybersecurity published an alert about the incident to help raise awareness among organizations that may use a trojanized version of the Comm100 Live Chat product.
News URL
Related news
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)