If you use the 3CX desktop app for Windows or Mac, watch out: Hackers have hijacked the software to deliver malware to computers.
On Wednesday, cybersecurity providers noticed malicious activity coming from the legitimate 3CX desktop app, which is used to make VoIP and video conferencing calls.
“At this time, activity has been observed on both Windows and macOS,” security firm CrowdStrike says in a blog post. The company has also uncovered evidence the malicious activity is coming from the infamous North Korean state-sponsored group known as Lazarus, which the FBI tied to the 2014 Sony Pictures hack.
In response, 3CX CEO Nick Galea is urging users to uninstall the affected software, which includes versions 18.12.407 and 18.12.416 of the Windows app. The company is working on an update to fully resolve the threat. In the meantime, 3CX says users can use its web-based app as a substitute.
It remains unclear how the hackers breached 3CX to hijack the desktop app. But they somehow triggered the 3CX software to run an update process that causes the app to load malware components, including an infostealer that can pull data like passwords from a browser, according to security firm Trend Micro.
The malicious activity from the app has prompted several cybersecurity providers to block the threat and even uninstall the software, so some customers may be protected from the attack. But many others likely are not. Security firm Huntress notes as many as 242,519 devices may have been compromised.
3CX says its clients include 600,000 businesses, along with 12 million daily users. These businesses include