Background / What has happened?
Open source reports have emerged describing a supply chain compromise affecting multiple versions of 3CX DesktopApp for Windows and Mac.
3CX DesktopApp is a voice and video conferencing app. Reports suggest malicious actors have been able to modify the legitimate 3CX DesktopApp installer to trojanise the software, potentially enabling further malicious activity, such as installation of malware, against users of affected software versions.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) is aware of reports suggesting there is an active state-sponsored intrusion campaign targeting 3CX DesktopApp users. The ASD's ACSC has not received any reports of Australian organisations targeted in this campaign.
Reports relating to this campaign, and accompanying indicators of compromise (IOCs), are available from:
Mitigation / How do I stay secure?
3CX advises customers who use the affected desktop client to uninstall the software and use the browser-based Web App (PWA) until 3CX can deliver a new, secure version.
The ASD's ACSC recommends users of 3CX DesktopApp review the Security Alert published by 3CX and continue to review and follow the vendor’s advice.
- Security Alert published by 3CX
Additional Alerts have been published by:
- United States Cybersecurity & Infrastructure Security Agency (CISA)
- Canadian Centre for Cyber Security
Assistance / Where can I go for help?
The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).