Supply chain attack on 3CXDesktopApp video conferencing software

Source: NCSC-FI Security Now!
Link: https://www.kyberturvallisuuskeskus.fi/en/ttn_30032023
Published: 2023-04-04

Summary

Harmful code slipped into the widely used 3CXDesktopApp video conferencing software installation package. Code installed during updates or installations. Harmful version installed if download/update occurred after 22 March 2023.

Key Points

• Supply chain attack on 3CXDesktopApp
• Malicious code in installation package
• Affects updates/installations after 2023-03-22
• Wide impact on user base