Security News > 2022 > October > Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack.
Because the trojanized installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack.
CrowdStrike observed post-compromise activity such as deploying malicious loaders that use the DLL order-hijacking technique to load the payload from within the context of legitimate Windows processes like "Notepad.exe", running directly from memory.
Crowdstrike attributes the attack with medium confidence to China-based threat actors and, more specifically, a cluster that was previously seen targeting Asian online gambling entities.
Users are strongly recommended to immediately update the Live Chat application.
Yesterday, the Canadian Center for Cybersecurity published an alert about the incident to help raise awareness among organizations that may use a trojanized version of the Comm100 Live Chat product.
News URL
Related news
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)