Everyday is lazarus.dayβ

3CXDesktop App Supply Chain Attack - Check Point Software

2023-03-29, Check Point
#SupplyChain #3CXDesktopApp #SmoothOperator


30/3/2023 03:35 EST
What is 3CXDesktop App?
3CXDesktopApp is a desktop client for the 3CX voice over IP (VoIP) system. The application allows users to communicate within and outside the organization from their desktops or laptops.
The app can record calls and facilitate video conferencing, and it can be used on Windows, macOS, and Linux operating systems. Businesses use it when they have a hybrid or remote workforce. 3CX's customers include government service providers like the NHS as well as large enterprises including Coca-Cola, Ikea and Honda.
What happened?
Over the past few days, evidence has accumulated that a Trojanized version of the original 3CXDesktopApp client is being downloaded to unsuspecting victims around the world. The Trojanized version includes a malicious DLL file that replaced an original one known to ship with the benign version of the app. Then, when the application is loaded, the signed 3CXDesktopApp is executing the …