Security News > 2023 > March > Hackers compromise 3CX desktop app in a supply chain attack

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.
According to alerts from security researchers from Sophos and CrowdStrike, the attackers are targeting both Windows and macOS users of the compromised 3CX softphone app.
SentinelOne also revealed in a report published on Thursday that the trojanized 3CX desktop app downloads icon files hosted on GitHub that contain Base64 encoded strings appended to the images.
Multiple customers in 3CX's forums have stated that they have been receiving alerts starting one week ago, on March 22, saying that the VoIP client app was marked malicious by SentinelOne, CrowdStrike, and ESET security software.
One of the trojanized 3CX softphone client samples shared by CrowdStrike was digitally signed over three weeks ago, on March 3, 2023, with a legitimate 3CX Ltd certificate issued by DigiCert.
News URL
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Hackers target AI and crypto as software supply chain risks grow (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)