Supply chain attack on 3CXDesktopApp video conferencing software

Summary

Malicious code was inserted into the installation package of the 3CXDesktopApp video conferencing software. The malicious code is installed on user devices when the software is installed or updated after March 22, 2023.

Key Details

  • Software: 3CXDesktopApp (widely used video conferencing)
  • Attack Type: Supply chain (compromised installation package)
  • Payload: Malicious code installed with software
  • Timeline: Downloads and updates after March 22, 2023 are affected
  • Detection: Observed by data security companies

Context

This supply chain attack compromised a widely used video conferencing application, potentially affecting large numbers of users globally.

Notes

  • Significant supply chain compromise
  • Clear timeline for affected versions
  • Confidence: high