Black Basta Ransomware: A New Social Engineering Threat
The Black Basta ransomware group has recently launched an aggressive social engineering campaign targeting businesses. Originating from the remnants of the disbanded Conti group, Black…
3CX Supply Chain Attack
Description:
3CX, a software-based communication system for businesses, recently fell victim to a malware attack potentially affecting 600,000 clients. The malware attack has targeted both Windows and macOS users. In a forum post on March 30th, 3CX CEO Nick Galea addressed a malware issue that affected users of the 3CX DesktopApp, “The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” CrowdStrike said.
Below is a visualisation of how attackers breached the 3CX Desktop App.
3CX has issued a statement to inform its partners and clients of a security issue in the Electron Windows App, specifically in Update 7 with version numbers 18.12.407 & 18.12.416. This issue has led to the uninstallation of the application by anti-virus software manufacturers. Additionally, versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron Mac App have also been affected by this issue. The root cause of the problem is believed to be related to one of the supplied libraries that were GIT-compiled into the application. 3CX is investigating the matter and will provide a more detailed response later.
3CX has given the following advice:
- Uninstall the 3CX Electron Desktop Application from all Windows or macOS computers.
- Continue anti-virus scans on your organisation’s networks.
- Switch to using PWA Client Web Client App rather than the Desktop App.
- Subscribe to 3CX’s RSS feed. This blog is where 3CX will provide all our updates on this ongoing investigation.
Prevention:
- Use anti-virus or anti-malware software and keep it updated to prevent and detect any malicious software that could exploit vulnerabilities.
- Ensure your computer’s firewall is enabled and configured to block unauthorised access.
- Be cautious when opening email attachments or downloading files from the internet.
Related Links:
- https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/ – Published 30th March 2023
- https://www.3cx.com/blog/releases/web-client-pwa/ – Published 16th December 2021
- https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ – Published 29th March 2023
- https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ – Published 29th March 2023
- https://www.3cx.com/blog/news/desktopapp-security-alert/ – Published 30th March 2023
- https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ – Published 29th March 2023
- https://www.3cx.com/company/customers/
- https://www.3cx.com/blog/news/security-incident-updates/ – Published 1st April 2023
Related articles
New Chrome Zero-Day Vulnerability CVE-2024-4761: What You Need to Know and How to Stay Safe
Overview Google has released an emergency update to address a new zero-day vulnerability in its Chrome browser. This high-severity flaw, identified as CVE-2024-4761, is actively…
Microsoft’s May Patch Tuesday: Qakbot Zero-Day Demands Urgent Action, But Don’t Overlook Other Critical Fixes
Microsoft’s latest security update cycle, known as Patch Tuesday, arrived in May 2024 with fixes for 61 vulnerabilities. Among these, the exploitation of the zero-day…