3CX Desktop App Compromised (CVE-2023-29059)

2023-03-30, Fortinet
https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
#SupplyChain #3CXDesktopApp #SmoothOperator #CVE-2023-29059

FortiGuard Labs Threat Research
This is a developing story. Please check back for the latest updates from FortiGuard Labs. For a report of this event, please visit our Threat Signal Reports page.
On March 29, a number of reports surfaced that a legitimately signed file from VoIP/IP PBX solutions provider 3CX (the 3CXDesktop App) had been trojanized through a code-level compromise. This is the latest in a series of high-profile supply chain attacks that began with SolarWinds and Kaseya a few years ago. The issue has been assigned CVE-2023-29059.
3CXDesktop App is a multi-platform softphone application for desktops (Linux, MacOS, and Windows). The 3CXDesktop App allows users to interact via chat, messaging, video, and voice. Initial reports suggested that all platforms of the 3CXDesktop App were compromised. But at the time of writing, it appears that only the Electron framework versions of MacOS (versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416) and Windows (versions 18.12.407 and 18.12.416) of the 3CX …

IoC

08d79e1fffa244cc0dc61f7d2036aca9
11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03
480dc408ef50be69ebcf84b95750f7e93a8a1859
54004dfaa48ca5fa91e3304fb99559a2395301c570026450882d6aad89132a02
5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290
59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983
6285ffb5f98d35cd98e78d48b63a05af6e4e4dea
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61
aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973
b5e318240401010e4453e146e3e67464dd625cfef9cd51c5015d68550ee8cc09
aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb
bb915073385dd16a846dfa318afa3c19
c485674ee63ec8d4e8fde9800788175a8b02d3f9416d0e763360fff7f8eb4e02
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc
e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec
http://Soyoungjun.com
http://akamaicontainer.com
http://akamaitechcloudservices.com
http://azuredeploystore.com
http://azureonlinecloud.com
http://azureonlinestorage.com
http://convieneonline.com
http://dunamistrd.com
http://glcloudservice.com
http://journalide.org
http://msedgepackageinfo.com
http://msstorageazure.com
http://msstorageboxes.com
http://officeaddons.com
http://officestoragebox.com
http://pbxcloudeservices.com
http://pbxphonenetwork.com
http://pbxsources.com
http://qwepoi123098.com
http://sbmsa.wiki
http://sourceslabs.com
http://visualstudiofactory.com
http://zacharryblogs.com