The Dangers of Downloading Compromised Software: A Deep Dive into the 3CX Malware Incident
June 26, 2024
Downloading the official 3CX desktop app, often likened to Skype, seemed safe. It came with valid digital signatures from the company, confirming its legitimacy. However, running this application could infect your computer with malware, including an info stealer, a backdoor for attackers, and potential remote control capabilities.

3CX is not obscure software; it’s a widely used business phone application. Large companies like Pepsi, NHS, PwC, and many others use this software. In the modern office environment, 3CX has replaced traditional telephone lines, enabling colleagues to communicate easily.

How the Incident Unfolded

The trouble began over a week ago when CrowdStrike noticed unusual malicious activity from a legitimate 3CX binary. Analysts detected suspicious connections to hacker infrastructure and the deployment of malicious payloads, all stemming from the 3CX desktop app. Alarmingly, there was evidence of hands-on keyboard activity from the attackers. This d...