Web Application Security3CX.DesktopApp.SupplyChain.Backdoor
Description
This indicates that 3CX DesktopApp Supply Chain Backdoor traffic was detected in the network.
3CX DesktopApp is a popular video conference desktop client. A compromised library with backdoor was compiled into the installers for some Windows and MAC versions. The attackers are believed to be linked to North Korea.
Outbreak Alert
Security researchers observed that the threat actors abused a popular business communication software by 3CX. The reports mention that a version of the 3CX VoIP (Voice over Internet Protocol) desktop client was trojanized and is being used to attack multiple organizations.
Affected Products
Electron Windows App (shipped in Update 7) versions 18.12.407 and 18.12.416
Electron Mac App versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Please use Anti-Virus software to scan and clean the system.
Please follow the latest advisory from the vendor.
https://www.3cx.com/blog/news/desktopapp-security-alert/
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-04-28 | 0.00347 |
CVE References
CVE-2023-29059| ID | 1090501734 |
| Created | Apr 30, 2023 |
| Updated | Apr 30, 2023 |
| Outbreak Alert | 3CX Supply Chain Attack |
| Risk |
|
| Default Action | pass |
| Active | |
| Affected OS | Windows, MacOS |
| Affected App | Other |
| Engine Version | 5.0.0 or later |