nitramz Posted March 30, 2023 ID:1561144 Share Posted March 30, 2023 (edited) https://www.3cx.com/blog/news/desktopapp-security-alert/ What about this issue? Does malwarebytes detect it? We had the malicous version installed but didn't get a threat warning. Edited March 30, 2023 by AdvancedSetup Disabled live hyperlinks Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 30, 2023 ID:1561152 Share Posted March 30, 2023 (edited) Hello. First, it would be most helpful to know if you are in a business / organization / enterprise type network running the Business Malwaeebytes ( Nebula or other app) ?? or, whether this is a home type system ? It helps to know the version of Malwarebytes being used. Malwarebytes detects the malicious DDLs as Trojan.Agent. See my reply below https://forums.malwarebytes.com/topic/296399-3cx-security-issue/?do=findComment&comment=1561167 Edited March 30, 2023 by Maurice Naggar amended Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 30, 2023 ID:1561153 Share Posted March 30, 2023 3CX Desktop App is a voice-over-IP business application. NOTE what the vendor has stated on the page you citedCurrently, we’re working on a new Windows App that does not have the issue. We've also decided to issue a new certificate for this app. This will delay things by at least 24 hours so please bear with us. Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 30, 2023 ID:1561164 Share Posted March 30, 2023 Sophos has some interesting tidbits about the potential vulnerability. "3CX users under DLL-sideloading attack: What you need to know"https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ other outside referenceshttps://www.securityweek.com/malware-hunters-spot-supply-chain-attack-hitting-3cx-desktop-app/ https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/ Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 30, 2023 ID:1561167 Share Posted March 30, 2023 @nitramz The Malwarebytes BLOG has a very handy set of remediation advice. Please be sure to give it strong consideration. 3CX desktop app used in a supply chain attackhttps://www.malwarebytes.com/blog/news/2023/03/3cx-desktop-app-used-in-a-supply-chain-attack Here is a snippet from that page What needs to be done? After initially playing down the alerts on its user forums as a possible false positive, 3CX has now posted that it is working on an update. The advice on the 3CX forums is to uninstall the app and then reinstall it, accompanied by a strong advice to install the PWA client instead. Malwarebytes detects the malicious DDLs as Trojan.Agent. We will keep you updated here, but as a user you might want to keep an eye on 3CX’s blog and forums to learn about new developments, and when an update is available. Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 30, 2023 ID:1561220 Share Posted March 30, 2023 Since this issue is resolved the topic will now be closed to prevent others from posting here. If you need assistance please start your own new topic and someone will be happy to assist you. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 31, 2023 Root Admin ID:1561343 Share Posted March 31, 2023 Fixing what looks to be like a 10 year old bug might also help protect the computer. https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] "EnableCertPaddingCheck"="1" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] "EnableCertPaddingCheck"="1" Link to post Share on other sites More sharing options...
Recommended Posts