A critical supply chain attack targeting the updates of 3CXDesktopApp for both Windows and macOS has just been discovered. Bkav records at least 318 units and organizations in Vietnam using the app, including many large businesses and financial organizations.
Hackers managed to inject APT spyware into the updates, which are digitally signed by 3CX, then pushed them to users' computers through either the automatic or the manual update process. Victim computers will be compromised, leaving ways for hackers to perform further privilege escalation.
The attack campaign has a particularly serious impact; units using 3CXDesktopApp should therefore immediately do the following:
- Disconnect the system from the Internet, closing all of its connections, in order to prevent intrusion and control by hackers.
- Update to the latest version of 3CXDesktopApp.
- Contact specialized cybersecurity units to perform a comprehensive review of your entire system, including servers, workstations and cloud systems, in order to thoroughly remove the spyware.
Bkav has added this malware's signature to our Bkav Pro and Bkav Home products. To check for the presence of the malicious 3CXDesktopApp update on your system, use the free antivirus software Bkav Home (download the software here).
Bkav