Information on Attacks Involving 3CX Desktop App
Contents
Malware
Preventing and Detecting Attacks Involving 3CX Desktop App
In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX.
Save to Folio
Note: This is a developing story and will be updated as needed.
In late March 2023, security researchers revealed that threat actors abused a popular business communication software from 3CX — in particular, the reports mention that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was being employed to target 3CX's customers as part of an attack.
On its forums, 3CX has posted an update that recommends uninstalling the desktop app and using the Progressive Web App (PWA) client instead. The company also mentioned that they are working on an update to the desktop app.
In addition to 3CX’s recommendations, Trend Micro solutions can help provide protection against potential exploits. Trend Micro Web Reputation Services (WRS) Protection blocks several domains (listed …
Preventing and Detecting Attacks Involving 3CX Desktop App
In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX.
Save to Folio
Note: This is a developing story and will be updated as needed.
In late March 2023, security researchers revealed that threat actors abused a popular business communication software from 3CX — in particular, the reports mention that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was being employed to target 3CX's customers as part of an attack.
On its forums, 3CX has posted an update that recommends uninstalling the desktop app and using the Progressive Web App (PWA) client instead. The company also mentioned that they are working on an update to the desktop app.
In addition to 3CX’s recommendations, Trend Micro solutions can help provide protection against potential exploits. Trend Micro Web Reputation Services (WRS) Protection blocks several domains (listed …
IoC
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f
5009c7d1590c1f8c05827122172583ddf924c53b55a46826abf66da46725505a
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
5a017652531eebfcef7011c37a04f11621d89084f8f9507201f071ce359bea3f
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
87c5d0c93b80acf61d24e7aaf0faae231ab507ca45483ad3d441b5d1acebc43c
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7
http://akamaicontainer.com
http://akamaitechcloudservices.com
http://azuredeploystore.com
http://azureonlinecloud.com
http://azureonlinestorage.com
http://dunamistrd.com
http://glcloudservice.com
http://journalide.org
http://msedgepackageinfo.com
http://msstorageazure.com
http://msstorageboxes.com
http://officeaddons.com
http://officestoragebox.com
http://pbxcloudeservices.com
http://pbxphonenetwork.com
http://pbxsources.com
http://qwepoi123098.com
http://raw.githubusercontent.com/IconStorages/images/main/
http://sbmsa.wiki
http://sourceslabs.com
http://visualstudiofactory.com
http://zacharryblogs.com
4e08e4ffc699e0a1de4a5225a0b4920933fbb9cf123cde33e1674fde6d61444f
5009c7d1590c1f8c05827122172583ddf924c53b55a46826abf66da46725505a
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
5a017652531eebfcef7011c37a04f11621d89084f8f9507201f071ce359bea3f
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
87c5d0c93b80acf61d24e7aaf0faae231ab507ca45483ad3d441b5d1acebc43c
a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7
http://akamaicontainer.com
http://akamaitechcloudservices.com
http://azuredeploystore.com
http://azureonlinecloud.com
http://azureonlinestorage.com
http://dunamistrd.com
http://glcloudservice.com
http://journalide.org
http://msedgepackageinfo.com
http://msstorageazure.com
http://msstorageboxes.com
http://officeaddons.com
http://officestoragebox.com
http://pbxcloudeservices.com
http://pbxphonenetwork.com
http://pbxsources.com
http://qwepoi123098.com
http://raw.githubusercontent.com/IconStorages/images/main/
http://sbmsa.wiki
http://sourceslabs.com
http://visualstudiofactory.com
http://zacharryblogs.com