3CX Desktop App for Update 7 - Malicious Activity
3CX have release another blog post with more information.
We recommend that all 3CX servers be updated with the new version of the 3CX Desktop App by using the 3CX Management Console updates screen.
18.12.416 is the dodgy version and 18.12.422 is the new version released by 3CX.
3CX cannot guarantee that this new version is 100% safe but it’s certainly much better than 18.12.416 which is the version currently loaded onto most servers. Upgrading ensures that users that don’t follow the instructions to uninstall the app at least have something better.
We are going to be going through all 3CX servers that we have access to upgrade them to reduce the risk. If you, reading this, have access to a 3CX management console please upgrade the app to the latest version.
For users of the app itself, we still recommend uninstalling the 3CX Desktop App everywhere and not using it, even the new one that just released. Continue to use the web client until a proven safe version is available.
We will be sending out a bulk emailer this morning to all customers with instructions.
3CX have provided an update on the situation that you can read here:
Our recommendations are still to uninstall the 3CX Desktop App and use the web client. Once 3CX has released the new (clean) version of the app we will be in touch with customers to ensure upgrades to the new version is completed.
We’ve been made aware that there is a malicious version of the 3CX Desktop App for Windows and Mac that may have been downloaded to user’s computers as part of an update to Version 18 Update 7.
Not all users of the latest version of the app have the malicious version of the app but the safest option is to uninstall the 3CX Desktop App from all computers and to use the 3CX web client (one that runs in a browser tab), 3CX mobile app or desk phones instead until there is an official fix.
For the official update from 3CX, please visit https://www.3cx.com/blog/news/desktopapp-security-alert/
You can read more information here:
or if you would like to get in-depth details you can visit
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ and https://www.todyl.com/blog/post/threat-advisory-3cx-softphone-telephony-campaign