
Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

by crpt os


A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor.

Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company’s website.

The scale of the attack is currently unknown, but the trojanized file is said to have been identified at organizations in the industrial, healthcare, technology, manufacturing, insurance, and telecom sectors in North America and Europe.

Comm100 is a Canadian provider of live audio/video chat and customer engagement software for enterprises. It claims to have more than 15,000 customers across 51 countries.


“The installer was signed on September 26, 2022 at 14:54:00 UTC using a valid Comm100 Network Corporation certificate,” the company noted, adding that it remained available until September 29.

Embedded within the weaponized executable is a JavaScript-based implant that executes a second-stage JavaScript code hosted on a remote server, which is designed to provide the actor with surreptitious remote shell functionality.

Also deployed as part of the post-exploitation activity is a malicious loader DLL named MidlrtMd.dll that launches an in-memory shellcode to inject an embedded payload into a new Notepad process.
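As an added example, not code from the article or from CrowdStrike, the script below applies the three indicators the article gives (the signing window of the trojanized installer, the MidlrtMd.dll loader, and injection into a Notepad process) to constructed Sysmon-style JSON events. The event field names and the comm100agent.exe process name are assumptions.

```python
import json
from datetime import datetime, timezone

# Indicators taken from the article: loader DLL name, injection target process,
# and the window during which the signed-but-trojanized installer was served
# (signed 2022-09-26 14:54:00 UTC, available until 2022-09-29).
LOADER_DLL = "midlrtmd.dll"
INJECT_TARGET = "notepad.exe"
WINDOW_START = datetime(2022, 9, 26, 14, 54, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 9, 29, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample events (assumed field names, not real telemetry).
SAMPLE_LOG = [
    r'{"event":"signature","file":"C:\\Users\\u\\Downloads\\comm100-agent.exe","signed_at":"2022-09-26T14:54:00Z"}',
    r'{"event":"image_load","process":"comm100agent.exe","image":"C:\\ProgramData\\MidlrtMd.dll"}',
    r'{"event":"remote_thread","source_image":"comm100agent.exe","target_image":"C:\\Windows\\notepad.exe"}',
    r'{"event":"image_load","process":"explorer.exe","image":"C:\\Windows\\System32\\kernel32.dll"}',
]


def installer_in_window(signed_at: str) -> bool:
    """True if an installer's signing time falls inside the risky window."""
    ts = datetime.fromisoformat(signed_at.replace("Z", "+00:00"))
    return WINDOW_START <= ts <= WINDOW_END


def triage(lines):
    """Return (rule_name, event) pairs for events matching the article's indicators."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        kind = ev.get("event")
        if kind == "signature" and installer_in_window(ev["signed_at"]):
            hits.append(("installer_signed_in_window", ev))
        elif kind == "image_load" and ev.get("image", "").lower().endswith(LOADER_DLL):
            hits.append(("loader_dll_loaded", ev))
        elif kind == "remote_thread" and ev.get("target_image", "").lower().endswith(INJECT_TARGET):
            hits.append(("injection_into_notepad", ev))
    return hits


if __name__ == "__main__":
    for rule, ev in triage(SAMPLE_LOG):
        print(rule, json.dumps(ev))
```

A signing time inside the window alone is not proof of compromise, since the legitimate certificate was used; it is a prompt to compare the file hash against the vendor's updated release.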


Supply chain compromises, like those of SolarWinds and Kaseya, are becoming an increasingly lucrative strategy for threat actors: compromising a widely used software provider gives them a foothold in the networks of its downstream customers.

As of writing, no security vendor flags the installer as malicious. Following responsible disclosure, the issue has since been addressed with the release of an updated installer (10.0.9).


CrowdStrike has tied the attack with moderate confidence to an actor with a China nexus based on the presence of Chinese-language comments in the malware and the targeting of online gambling entities in East and Southeast Asia, an already established area of interest for China-based intrusion actors.

That said, the payload delivered in this activity differs from other malware families previously identified as operated by the group, suggesting an expansion to its offensive arsenal.

The name of the adversary was not disclosed by CrowdStrike, but the TTPs point in the direction of a threat actor called Earth Berberoka (aka GamblingPuppet), which earlier this year was found using a fake chat app called MiMi in its attacks against the gambling industry.
