Millions at Risk: 3CX Desktop App Compromised in Supply Chain Attack

Cybersecurity vendors have warned of an active supply chain attack that uses digitally signed and rigged installers of the popular voice and video conferencing software, 3CX Desktop App, to target downstream customers. The campaign, dubbed SmoothOperator, uses the rigged app as the first stage of a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL. The attack may have commenced around March 22, 2023. 3CX is working on a software update for its desktop app and is urging its customers to uninstall the app and install it again, or to use the PWA client as a workaround. The attack has been attributed with high confidence to a North Korean nation-state actor, Labyrinth Chollima.

- 3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way! (The Hacker News)
- SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack (SentinelOne)
- Hackers compromise 3CX desktop app in a supply chain attack (BleepingComputer)
- CrowdStrike Prevents 3CXDesktopApp Intrusion Campaign (CrowdStrike)
- 3CX DesktopApp compromised by supply chain attack (CSO Online)