Remember SolarWinds? A similar attack is playing out now against a new software supplier.
Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, researchers from multiple security firms said.
Through means that aren't yet clear, the attack managed to distribute Windows and macOS versions of the app, which provides both VoIP and PBX services to “600,000+ customers,” including American Express, Mercedes-Benz, and Price Waterhouse Cooper. The attackers somehow gained the ability to hide malware inside 3CX apps that were digitally signed using the company’s official signing key. The macOS version, according to macOS security expert Patrick Wardle, was also notarized by Apple, indicating that the company analyzed the app and detected no malicious functionality.
Courtesy of Ars Technica
Article Author: Dan Goodin