Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
Malware Analysis, News and Indicators - Latest topics malware.news
On March 29, CrowdStrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has been analyzing the attack and sharing its findings. The following has been discovered so far:
- The infection is spread via 3CXDesktopApp MSI installers. An installer for macOS has also been trojanized.
- The malicious installation package contains an infected DLL that decrypts shellcode from the overlay of the d3dcompiler_47.dll library and executes it.
- The decrypted payload …