Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
3CX Supply Chain Attack
Description:
3CX, a software-based communication system for businesses, recently fell victim to a malware attack potentially affecting 600,000 clients. The malware attack has targeted both Windows and macOS users. In a forum post on March 30th, 3CX CEO Nick Galea addressed a malware issue that affected users of the 3CX DesktopApp, “The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity,” CrowdStrike said.
Below is a visualisation of how attackers breached the 3CX Desktop App.
3CX has issued a statement to inform its partners and clients of a security issue in the Electron Windows App, specifically in Update 7 with version numbers 18.12.407 & 18.12.416. This issue has led to the uninstallation of the application by anti-virus software manufacturers. Additionally, versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron Mac App have also been affected by this issue. The root cause of the problem is believed to be related to one of the supplied libraries that were GIT-compiled into the application. 3CX is investigating the matter and will provide a more detailed response later.
3CX has given the following advice:
- Uninstall the 3CX Electron Desktop Application from all Windows or macOS computers.
- Continue anti-virus scans on your organisation’s networks.
- Switch to using PWA Client Web Client App rather than the Desktop App.
- Subscribe to 3CX’s RSS feed. This blog is where 3CX will provide all our updates on this ongoing investigation.
Prevention:
- Use anti-virus or anti-malware software and keep it updated to prevent and detect any malicious software that could exploit vulnerabilities.
- Ensure your computer’s firewall is enabled and configured to block unauthorised access.
- Be cautious when opening email attachments or downloading files from the internet.
Related Links:
- https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/ – Published 30th March 2023
- https://www.3cx.com/blog/releases/web-client-pwa/ – Published 16th December 2021
- https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ – Published 29th March 2023
- https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ – Published 29th March 2023
- https://www.3cx.com/blog/news/desktopapp-security-alert/ – Published 30th March 2023
- https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ – Published 29th March 2023
- https://www.3cx.com/company/customers/
- https://www.3cx.com/blog/news/security-incident-updates/ – Published 1st April 2023
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…