


Hackers working on behalf of the North Korean government have pulled off a massive supply chain attack on Windows and macOS users of 3CX, a widely used voice and video calling desktop client, researchers from multiple security firms said. Through means that aren't yet clear, the attack managed to distribute Windows and macOS versions of the app, which provides both VoIP and PBX services to “600,000+ customers,” including American Express, Mercedes-Benz, and Price Waterhouse Cooper. The attackers somehow gained the ability to hide malware inside 3CX apps that were digitally signed using the company’s official signing key. The macOS version, according to macOS security expert Patrick Wardle, was also notarized by Apple, indicating that the company analyzed the app and detected no malicious functionality.
