Supply chain compromise of 3CX DesktopApp

Australian Cyber Security Centre

The ACSC is aware of a reported supply chain compromise affecting the 3CX DesktopApp, allowing malicious actors to conduct multi-stage attacks against users of the legitimate software. Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.

Alert status

Background / What has happened?

Open source reports have emerged describing a supply chain compromise affecting multiple versions of 3CX DesktopApp for Windows and Mac.

3CX DesktopApp is a voice and video conferencing app. Reports suggest malicious actors have been able to modify the legitimate 3CX DesktopApp installer to trojanise the software, potentially enabling further malicious activity, such as installation of malware, against users of affected software versions.

The ACSC is aware of reports suggesting there is an active state-sponsored intrusion campaign targeting 3CX DesktopApp users. The ACSC has not received any reports of Australian organisations targeted in this campaign.

Reports relating to this campaign, and accompanying indicators of compromise (IOCs) are available from:

Mitigation / How do I stay secure?

3CX advises customers who use the affected desktop client to uninstall the software and use the browser-based Web App (PWA) until 3CX can deliver a new, secure version.

The ACSC recommends users of 3CX DesktopApp review the Security Alert published by 3CX and continue to review and follow the vendor’s advice.

Additional Alerts have been published by:

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Content complexity

This rating relates to the complexity of the advice and information provided on the page.

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.