The Australian Cyber Security Centre (ACSC) has issued a medium alert warning following reports of a supply chain compromise affecting the 3CX DesktopApp.
According to open-source reports, multiple versions of 3CX DesktopApp for Windows and Mac have been impacted, potentially enabling malicious actors to conduct multi-stage attacks against users of the legitimate software.
As a voice and video conferencing app, 3CX DesktopApp is widely used by businesses and organisations worldwide.
Reports from affected businesses suggest that cybercriminals have been able to modify the legitimate 3CX DesktopApp installer, allowing them to Trojanize the software and potentially install malware on affected systems.
ACSC is aware of reports suggesting there is an active state-sponsored intrusion campaign targeting 3CX DesktopApp users.
Although no Australian organisations have been targeted in this campaign, Australian users of affected versions of 3CX DesktopApp should immediately follow the vendor’s advice and investigate for signs of malicious activity.
To mitigate the risks, 3CX advises customers who use the affected desktop client to uninstall the software and use the browser-based Web App (PWA) until 3CX can deliver a new, secure version.
Users are also recommended to review the Security Alert published by 3CX and continue to review and follow the vendor’s advice.