Vulnerability

3CXDesktopApp

This live blog contains information regarding the 3CXDesktopApp vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on April 3, 2023.


T-Update

Information about vulnerabilities

Update 3 April 2023

18:00 | We updated our blog about the 3CXDesktopApp incident with the latest information. On the 1st of April 2023, 3CX published an update on the current situation and recommended actions for organizations using 3CXDesktopApp.

At this moment it is recommended to uninstall the 3CX Electron Desktop Application from systems running Windows or MacOS. Instead, it is possible to use the PWA Web Client App, or the legacy Desktop Application if mandatory functionality is missing. Furthermore, it is recommended to continue monitoring your environment with up-to-date AV and/or EDR solutions for potential malware.

Based on the latest information, the following versions of the 3CX Electron Desktop Application are affected:

  • Windows
    • 18.12.407
    • 18.12.416
  • MacOS
    • 18.11.1213 shipped with Update 6
    • 18.12.402
    • 18.12.407
    • 18.12.416 in Update 7
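
The version list above can be turned into a triage check over a software inventory export. The following is an added example, not part of the original post and not a 3CX or Tesorion tool; the CSV columns, host names, product label and OS label prefixes are assumptions, and the sample data is constructed.

```python
import csv

# Affected 3CX Electron Desktop Application versions, as listed in this post.
AFFECTED = {
    "windows": {"18.12.407", "18.12.416"},
    "macos": {"18.11.1213", "18.12.402", "18.12.407", "18.12.416"},
}
# Assumption: OS label prefixes as an inventory tool might report them.
OS_PREFIXES = (("win", "windows"), ("mac", "macos"), ("darwin", "macos"))

def normalize_version(raw):
    """Reduce a version string to its first three components."""
    # Assumption: some tools add a "v" prefix or a fourth part ("18.12.416.0").
    return ".".join(raw.strip().lstrip("vV").split(".")[:3])

def normalize_os(raw):
    """Map an inventory OS label to 'windows' or 'macos', else None."""
    label = raw.strip().lower()
    for prefix, platform in OS_PREFIXES:
        if label.startswith(prefix):
            return platform
    return None

def affected_hosts(inventory_csv):
    """Return (host, platform, version) for rows on the affected list."""
    hits = []
    for row in csv.DictReader(inventory_csv.splitlines()):
        if "3cx" not in row["product"].lower():
            continue
        platform = normalize_os(row["os"])
        version = normalize_version(row["version"])
        # Versions are platform-specific: 18.11.1213 is listed for macOS only.
        if platform and version in AFFECTED[platform]:
            hits.append((row["host"], platform, version))
    return hits

# Constructed sample inventory export (hypothetical hosts, columns, names).
SAMPLE = """host,os,product,version
ws-001,Windows 10,3CX Desktop App,18.12.416.0
ws-002,Windows 11,3CX Desktop App,18.11.1213
mac-01,macOS 13.2,3CX Desktop App,18.11.1213
mac-02,macOS 12.6,3CX Desktop App,18.12.402
ws-003,Windows 10,3CX Desktop App,18.10.461
ws-004,Windows 10,Other Softphone,18.12.407
"""

if __name__ == "__main__":
    for host, platform, version in affected_hosts(SAMPLE):
        print(f"{host}: affected {platform} build {version}")
```

Rows with an unrecognized OS label are skipped rather than flagged, so review those separately before treating a host as clean.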

Update 30 March 2023

14:00 | This is an ongoing and evolving incident. More information might be added to this liveblog at a later stage.

The Voice over IP (VoIP) desktop client 3CXDesktopApp, version numbers 18.12.407 and 18.12.416, likely contains a library which has been altered by a threat actor to perform supply chain attacks.

When the 3CXDesktopApp is used in your environment, it can be used to download malicious payloads to the system it is installed on. Currently, these payloads appear to be information stealing malware. At this moment only the 3CXDesktopApp for the Microsoft Windows OS has been determined to contain the malicious code. Research is ongoing into whether 3CX browser extensions and the MacOS, iOS, or Android applications contain similar malicious code.


Background

The Voice over IP (VoIP) desktop client 3CXDesktopApp, version numbers 18.12.407 and 18.12.416, likely contains a library which has been altered by a threat actor to perform supply chain attacks. When the 3CXDesktopApp is used in your environment, it can be used to download malicious payloads to the system it is installed on. Currently, these payloads appear to be information stealing malware. At this moment only the 3CXDesktopApp for the Microsoft Windows OS has been determined to contain the malicious code. Research is ongoing into whether 3CX browser extensions and the MacOS, iOS, or Android applications contain similar malicious code.

Risk

The current payloads have been identified as information stealing malware. This type of malware may extract sensitive information from a system, including, but not limited to, credentials and browser bookmarks. While additional threats have not yet been seen, due to the nature of the risk, the threat actor may change their tactics and malware at any given time.

Advice
