The mechanism for attacking macOS users is somewhat different.
These lines are then used to download the final malicious payload - the one used to attack end users. ico files hosted on GitHub with additional lines of data inside Once installed, the trojanized program creates several malicious libraries, which are used for the next stage of the attack. The user either downloads an installation package from the company’s official website and runs it, or receives an update for an already installed program. The attack via trojanized 3CX softwareĬiting researchers from various companies, BleepingComputer describes the attack mechanism via a trojanized Windows client as follows: According to 3CX representatives, the malicious code got into the program because of some unnamed trojanized open-source component that was used by the development team. A number of researchers have dubbed this malicious attack SmoothOperator.Īpparently, trojans are hiding in all versions of the software that were released after March 3 that is, builds 18.12.407 and 18.12.416 for Windows, and and newer for macOS. The list of those users is quite something - consisting of more than 600,000 companies, including well-known brands from all over the world (American Express, BMW, Air France, Toyota, IKEA). Now the cybercriminals are attacking their users via a weaponized application signed with a valid 3CX certificate. Unknown attackers have managed to infect 3CX VoIP applications for both Windows and macOS. 
Various media sources are reporting a mass supply-chain attack targeting 3CX VoIP telephony system users. KasperskyPremium Support and Professional Services.KasperskyEndpoint Security for Business Advanced.KasperskyEndpoint Security for Business Select.
0 kommentar(er)
