Security News > 2022 > October > Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.
Because the trojanized installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack.
CrowdStrike observed post-compromise activity such as deploying malicious loaders that use the DLL order-hijacking technique to load the payload from within the context of legitimate Windows processes like "Notepad.exe", running directly from memory.
Crowdstrike attributes the attack with medium confidence to China-based threat actors and, more specifically, a cluster that was previously seen targeting Asian online gambling entities.
Users are strongly recommended to immediately update the Live Chat application.
Yesterday, the Canadian Center for Cybersecurity published an alert about the incident to help raise awareness among organizations that may use a trojanized version of the Comm100 Live Chat product.
News URL
Related news
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- It's only a matter of time before LLMs jump start supply-chain attacks (source)