There's a critical security issue in the 3CX Desktop App. Here's what you need to know.
A threat actor compromised the 3CX VoIP DesktopApp, resulting in malicious code being shipped inside the legitimate software. The trojanized app is now being used in supply chain attacks. Cybersecurity firms have attributed the attacks to state-sponsored threat actors, noting that the malicious activity affects both Windows and Mac environments.
The compromise affects the following 3CX products and versions:
- Electron Windows App (shipped in Update 7) versions 18.12.407 and 18.12.416
- Electron Mac App versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416
We encourage your organization to take the following steps to mitigate the risk of attack:
- Uninstall 3CXDesktopApp on all platforms and remove artifacts left behind.
- 3CX recommends using the PWA client while they work on fixes for the desktop app.
- Retroactively hunt for indicators of compromise and block known-malicious domains.
We always recommend advanced EDR solutions enriched by active threat intelligence and proactive monitoring to stay on top of advanced threats like supply chain attacks.
Indicators of Compromise
We recommend blocking the following domains used by the backdoor:
Compromised MSI: aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868
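To support the hunt and uninstall steps above, here is an added triage script (not from 3CX or the original advisory) that flags hosts running one of the listed trojanized versions or holding an installer whose SHA-256 matches the compromised MSI hash. The inventory format, hostnames and the temporary file it hashes are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Trojanized builds listed in the advisory, keyed by platform.
AFFECTED_VERSIONS = {
    "windows": {"18.12.407", "18.12.416"},
    "mac": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}

# SHA-256 of the compromised MSI, as given in the advisory.
COMPROMISED_MSI_SHA256 = "aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868"


def is_affected_version(platform: str, version: str) -> bool:
    """True if this platform/version pair is one of the listed trojanized builds."""
    return version.strip() in AFFECTED_VERSIONS.get(platform.strip().lower(), set())


def sha256_of_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_compromised_msi(path: str) -> bool:
    """Compare the file's SHA-256 (case-insensitively) with the known-bad hash."""
    return sha256_of_file(path).lower() == COMPROMISED_MSI_SHA256


def triage(inventory):
    """inventory: iterable of (hostname, platform, version, installer_path or None).
    Returns the hostnames that need the uninstall and cleanup steps."""
    flagged = []
    for host, platform, version, installer in inventory:
        hit = is_affected_version(platform, version)
        if installer and os.path.isfile(installer) and is_compromised_msi(installer):
            hit = True
        if hit:
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    # Constructed sample inventory; the temp file is NOT the real installer.
    with tempfile.NamedTemporaryFile(suffix=".msi", delete=False) as tmp:
        tmp.write(b"constructed placeholder, not a real MSI")
    inventory = [("ws-01", "Windows", "18.12.416", tmp.name),
                 ("mac-07", "Mac", "18.11.1213", None),
                 ("ws-02", "Windows", "18.11.1213", None)]  # Mac-only build number
    print("hosts needing remediation:", triage(inventory))  # ws-01, mac-07
    os.unlink(tmp.name)
```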