Compromised courtroom recording software was served from vendor’s official site
Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer's site since at least April 2, a threat researcher warned last month.
The downloaded malicious installer - JAVS Viewer Setup 8.3.7.250-1.exe, signed by an Authenticode certificate issued to "Vanguard Tech Limited", and downloaded from the official JAVS site on March 5th - contains and executes a binary named fffmpeg.
JAVS Viewer opens media and log files created by other pieces of the JAVS software suite, which is specialized software for audio-visual recording in courtroom environments, prison facilities, council and lecture rooms.
After the researchers reported their findings to Justice AV Solutions, the company said that though it did identify attempts to replace its Viewer 8.3.7 software with a compromised file, the file analyzed by the researchers "did not originate from JAVS or any 3rd party associated with JAVS." Still, the company is revisiting its release process "to strengthen file certification".
"JAVS service technicians typically install the Viewer software in question. We have all members of our service team validating installations of Viewer software on any potentially affected systems, specifically checking for the presence of the malicious file in question - fffmpeg.exe with three 'f's. Note, the JAVS file ffmpeg.exe with two 'f's is a legitimate file," they noted.
"We highly encourage all users to verify that JAVS has digitally signed any JAVS software they install. Any files found signed by other parties should be considered suspect," they added.
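The two checks the vendor describes (presence of fffmpeg.exe, and who signed the JAVS installer) can be run as a read-only sweep. The script below is an added example, not JAVS or researcher tooling; the search folders and the expected signer pattern are assumptions to adjust, and only the file names and the "Vanguard Tech Limited" signer come from the article.

```powershell
# Added example: read-only triage for the indicators named in the article.
param(
    # Assumption: folders to sweep; the article does not say where fffmpeg.exe lands.
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:USERPROFILE),
    # Assumption: wildcard for the vendor's certificate subject. Confirm it against a
    # known-good JAVS installer before trusting an "ok" verdict.
    [string]$ExpectedSigner = '*Justice AV Solutions*'
)

$BadSigner = '*Vanguard Tech Limited*'   # signer of the malicious installer, per the article

# Keep only roots that exist so Get-ChildItem is never handed an empty or null path.
$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique)
if ($roots.Count -eq 0) { throw 'None of the search roots exist.' }

Get-ChildItem -LiteralPath $roots -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    # fffmpeg.exe (three f) is the malicious name; ffmpeg.exe (two f) is not matched.
    Where-Object { $_.Name -ieq 'fffmpeg.exe' -or $_.Name -like '*JAVS*Viewer*' } |
    ForEach-Object {
        $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

        # Order matters: the three-f name is suspect regardless of who signed it.
        $verdict = if ($_.Name -ieq 'fffmpeg.exe') { 'SUSPECT: fffmpeg.exe (three f)' }
            elseif ($subject -like $BadSigner)         { 'SUSPECT: signer named in the article' }
            elseif ($sig.Status -ne 'Valid')           { 'SUSPECT: unsigned or invalid signature' }
            elseif ($subject -notlike $ExpectedSigner) { 'SUSPECT: signed by another party' }
            else                                       { 'ok' }

        [pscustomobject]@{
            Verdict = $verdict
            Path    = $_.FullName
            Signer  = $subject
            Status  = $sig.Status
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Sort-Object Verdict -Descending | Format-List
```

A valid signature status only means the file matches its signature and chains to a trusted root, which was also true of a file signed by an unrelated party; the signer comparison is the part that matters here.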
News URL
https://www.helpnetsecurity.com/2024/05/23/javs-viewer-malware/