Supply chain attack targets millions of phone system users through trojanized 3CX app

Cybersecurity firms have been warned of a supply chain attack targeting downstream customers using a trojanized 3CX software

Supply chain attack targets millions of phone system

Multiple cybersecurity firms have warned of a supply chain attack using a trojanized version of 3CX's software to target downstream customers. 

3CX is a phone system developer used by more than 600,000 organizations worldwide, including American Express, BMW, McDonald’s, and the U.K.'s National Health Service. The attack, dubbed "Smooth Operator," involves the delivery of trojanized 3CXDesktopApp installers to install infostealer malware inside corporate networks, capable of stealing data and stored credentials from Google Chrome, Microsoft Edge, Brave, and Firefox user profiles. 

Researchers report that attackers are targeting both the Windows and macOS versions of the compromised VoIP app. The Linux, iOS, and Android versions appear to be unaffected. The attackers are believed to be the North Korean threat actor Labyrinth Chollima, a subgroup of the notorious Lazarus Group. It appears to be a targeted attack from an Advanced Persistent Threat, perhaps even state-sponsored. 

If you are a 3CX user, the company suggests uninstalling the app and installing it again or using its PWA client as a workaround. While we don't know how many organizations have been potentially compromised, reports that there are currently over 240,000 publicly exposed 3CX phone management systems. 

Stay vigilant and take immediate action if you suspect any suspicious activity.

Manish <span>Content Strategist</span>
Written By
Manish Content Strategist

With a mixture of literature, cinema, and photography, Manish is mostly traveling. When he is not, he is probably writing another tech news for you!

Want To Hire The Best Service Provider?
MobileAppDaily will help you explore the best service providers depending on your vision, budget, project requirements and industry. Get in touch and create a list of best-suited companies for your needs.

Featured Success Stories


Everything You Need To Know About iOS 11.3 Update And Reported Snags

4 min read  

The much anticipated iOS 11.3 Update was rolled out a couple of days ago, which fits into the latest version of Apple's iPhone, iPad, and iPod touch operating system. The update was finally churned out after going through 6 beta tests before it was made available to the public. iOS 11.3 is been


Smart Reply is coming to Google's Chat App Notifications

4 min read  

Google’s list of innovations is truly remarkable. And, the giant surely likes to beat its own records by blending technology perfectly with today’s users’ day-to-day needs. One such laurel to join the multinational technology company’s innovation list is the arrival of &ldquo


Microsoft Down its Free Upgrade and its Backdoor Loophole

4 min read  

Today, we mourn the beloved Windows 8.1 as Microsoft shuts down every hope for a last-minute free upgrade from Windows 10. After five years of Windows 8.1 debut, Microsoft ended mainstream support for Windows 8.1 on January 9. The news, although sad wasn’t yet heartbreaking as Microsoft’


Facebook Launches New Tool But It Is Ridden With Privacy Loopholes

4 min read  

Privacy is non-negotiable and Facebook learned it the hard way. After Cambridge Analytica’s misuse of Facebook users information and user data leaks by Cultura Colectiva, the company's reputation has been shaken over the past years. In an attempt to rebuild the company’s ima

MAD Originals
MAD Originals

Cut to the chase content that’s credible, insightful & actionable.

Get the latest mashup of the App Industry Exclusively Inboxed

  • BOTH
Join our expansive network, build connections and expand your brand presence.