Backdoored version of popular video-conferencing app found on GitHub

source link: https://itwire.com/business-it-news/security/backdoored-version-of-popular-video-conferencing-app-found-on-github.html

Friday, 31 March 2023 11:13


By Sam Varghese

Security firm Rapid7 has found, on the GitHub software repository, a backdoored version of 3CXDesktopApp, the popular video-conferencing software sold by the company 3CX.

In a blog post, Rapid7 said the app was available for all major platforms, adding that malicious activity had been observed on both the Windows and Mac environments.

The company's researchers said analysis of the binary had shown that a backdoored version of ffmpeg.dll was among the files that were dropped during installation.

This was able to read an RC4-encrypted blob in d3dcompiler.dll containing executable code that was loaded reflectively. That code retrieved .ico files with Base64-encoded strings appended to them from GitHub.

The encoded strings appeared to be command-and-control communications.
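The detection opportunity in the mechanism described above, as an added example that is not from the article or from Rapid7's post: a small Python check that parses the ICO directory, flags any bytes appended after the last image, and tries to decode them strictly as Base64. The icon layout and the appended message below are constructed for the example; nothing in it is taken from the real campaign.

```python
import base64
import struct
from typing import Optional

ICO_HEADER = struct.Struct("<HHH")          # reserved (0), type (1 = icon), image count
ICO_DIR_ENTRY = struct.Struct("<BBBBHHII")  # width, height, colours, reserved, planes, bpp, size, offset

def ico_payload_end(data: bytes) -> int:
    """Offset just past the last image referenced by the ICO directory."""
    if len(data) < ICO_HEADER.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICO_HEADER.unpack_from(data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = ICO_HEADER.size + count * ICO_DIR_ENTRY.size
    if end > len(data):
        raise ValueError("truncated directory")
    for i in range(count):
        *_, size, offset = ICO_DIR_ENTRY.unpack_from(data, ICO_HEADER.size + i * ICO_DIR_ENTRY.size)
        if offset + size > len(data):
            raise ValueError("image entry points past end of file")
        end = max(end, offset + size)
    return end

def appended_trailer(data: bytes) -> bytes:
    """Bytes after the last image; a well-formed icon has none."""
    return data[ico_payload_end(data):]

def decode_trailer_base64(trailer: bytes) -> Optional[bytes]:
    """Strictly decode the trailer as Base64; None if empty or not Base64 (binascii.Error is a ValueError)."""
    stripped = trailer.strip()
    if not stripped:
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except ValueError:
        return None

SAMPLE_MESSAGE = b"constructed sample, not real C2 traffic"  # hypothetical; not from the real campaign

def build_sample_icon(trailer: bytes = b"") -> bytes:
    """Constructed 1x1 icon with a 4-byte placeholder image, optionally followed by appended bytes."""
    image = b"\x00\x00\x00\x00"
    entry = ICO_DIR_ENTRY.pack(1, 1, 0, 0, 1, 32, len(image), ICO_HEADER.size + ICO_DIR_ENTRY.size)
    return ICO_HEADER.pack(0, 1, 1) + entry + image + trailer

def sample_beacon_icon() -> bytes:
    """Icon carrying SAMPLE_MESSAGE as an appended Base64 string, the pattern the article describes."""
    return build_sample_icon(base64.b64encode(SAMPLE_MESSAGE))
```

Run `decode_trailer_base64(appended_trailer(data))` over icons pulled from a suspect host or proxy cache; a non-empty trailer on its own is already worth an alert, whether or not it decodes.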

Rapid7 said it had contacted GitHub about the repository being used as adversary infrastructure. As of 9:40pm ET on 29 March (6.40am on 30 March AEDT), the malicious user had been suspended and the repository was no longer available.

Even though malicious activity was not confirmed in all environments, the Rapid7 researchers said it would be wise to uninstall the app on all platforms.

"Out of an abundance of caution, a conservative mitigation strategy would be to uninstall 3CXDesktopApp on all platforms and remove any artifacts left behind," they said.

"Users should retroactively hunt for indicators of compromise and block known-bad domains."

The team has provided a list of indicators of compromise as part of its post. Researchers Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre and Christiaan Beek contributed to the post.
