Skip to content

Description: 

3CX, a software-based communication system for businesses, recently fell victim to a malware attack potentially affecting 600,000 clients. The malware attack has targeted both Windows and macOS users. In a forum post on March 30th, 3CX CEO Nick Galea addressed a malware issue that affected users of the 3CX DesktopApp, “The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” CrowdStrike said

Below is a visualisation of how attackers breached the 3CX Desktop App.

DiagramDescription automatically generated with medium confidence

3CX has issued a statement to inform its partners and clients of a security issue in the Electron Windows App, specifically in Update 7 with version numbers 18.12.407 & 18.12.416. This issue has led to the uninstallation of the application by anti-virus software manufacturers. Additionally, versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron Mac App have also been affected by this issue. The root cause of the problem is believed to be related to one of the supplied libraries that were GIT-compiled into the application. 3CX is investigating the matter and will provide a more detailed response later. 

3CX has given the following advice: 

  1. Uninstall the 3CX Electron Desktop Application from all Windows or macOS computers.
  2. Continue anti-virus scans on your organisation’s networks.
  3. Switch to using PWA Client Web Client App rather than the Desktop App.
  4. Subscribe to 3CX’s RSS feed. This blog is where 3CX will provide all our updates on this ongoing investigation.

Prevention: 

  • Use anti-virus or anti-malware software and keep it updated to prevent and detect any malicious software that could exploit vulnerabilities. 
  • Ensure your computer’s firewall is enabled and configured to block unauthorised access. 
  • Be cautious when opening email attachments or downloading files from the internet. 

Related Links: