Millions at Risk: 3CX Desktop App Compromised in Supply Chain Attack
Originally Published 2 years ago — by The Hacker News
Cybersecurity vendors have warned of an active supply chain attack that is using digitally signed and rigged installers of the popular voice and video conferencing software, 3CX Desktop App, to target downstream customers. The attack, dubbed SmoothOperator, is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL. The attack may have commenced around March 22, 2023. 3CX is working on a software update for its desktop app and is urging its customers to uninstall the app and install it again or use the PWA client as a workaround. The attack has been attributed with high confidence to a North Korean nation-state actor, Labyrinth Chollima.