3CX users face supply chain attack risk due to app vulnerability.
TL;DR Summary
Internet telephony company 3CX has warned its customers of malware that was apparently weaseled into the company’s own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX’s source code repositories. The malware-laced versions were apparently built and distributed by 3CX itself, so they have the digital signatures you’d expect from the company, and they almost certainly came from an official 3CX download server. 3CX has advised its users to uninstall the Desktop App and switch to using the company’s web-based telephony app for now.
- Supply chain blunder puts 3CX telephone app users at risk (Naked Security)
- Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack (Ars Technica)
- There’s a new supply chain attack targeting customers of a phone system with 12 million users (TechCrunch)
- 3CX Supply Chain Attack: 8 Biggest Things To Know (CRN)
- 3CX knew its app was flagged as malicious, but took no action for 7 days (Ars Technica)