A critical supply chain attack targeting the updates of 3CXDesktopApp for both Windows and macOS, has just been discovered. Bkav records at least 318 units and organizations in Vietnam using the app, including many large businesses and financial organizations.
Hackers managed to inject APT spyware into the updates, which are digitally signed by 3CX, then pushed them to users' computers through either automatic or manual update process. Victim computers will be compromised, leaving ways for hackers to perform further priviledge escalation.
The attack campaign causes particularly serious impact, therefore units using 3CXDesktopApp should immediately do the followings:
- Close, disconnect all connections to the Internet of the system in order to prevent the intrusion and control of hackers.
- Update to the latest version of 3CXDesktopApp.
- Contact specialized cybersecurity units to perform a comprehensive review of your entire system, including: servers, workstations and cloud systems, in order to thoroughly remove the spyware.
Bkav has updated this malware’s signature to our Bkav Pro, Bkav Home products. To check the presence of the malicious 3CXDesktopApp update on your system, use the free antivirus software Bkav Home (download the software here).
Zero-day vulnerabilities are discovered in operating systems or worldwide popular softwares.
New and dangerous viruses emerge with high spreading rate worldwide. (For instance: Code Red, Blaster, Conficker…).
Malicious attacks performed by Vietnamese or global hackers. (For instance: DDoS attacks aimed at Korea and US government’s websites etc.).
Critical vulnerabilities are still being exploited at large scale though patches are already available.
The spread of viruses or malicious attacks in specific and large community or regions (For instance: all over Vietnam, South East Asia, etc.).
The emergence of viruses exploiting new technology. As all defense systems are not yet ready and antivirus softwares have not been updated with new definitions, both individuals and enterprises are affected. (For instance: Skype wiretapping Trojan, virus that infects Delphi Code Translator, etc.).
The vulnerabilities have already been patched and being exploited only at small scale.
Cyber attacks and viruses spread at small scale.
There is no sign of cyber attacks or viruses spread worldwide. Network systems are working fine.