A new supply chain attack uses a Trojanized version of the Comm 100 Live Chat Application to compromise networks, and until Sept. 29, it was actively available for download from Comm 100’s official website.
The Comm100 Live Chat application enables organizations to communicate with real-time chat and boasts more than 15,000 customers across 51 countries.
Researchers with CrowdStrike reported the malicious Comm100 installer was available for download on the company’s website and was signed on Sept. 26.
Following the CrowdStrike disclosure, Comm100 has released an updated installer (10.0.9) on Thursday and is performing a deep analysis to learn more about the attack, the researchers said.
Despite the relatively short lifespan of the supply chain attack, the malware was able to infect several organizations, with some infections still active.
“The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe,” the report on the supply chain attack said.
The CrowdStrike team members added they are moderately confident the threat actors are from China, based on several factors, including the use of the Chinese language in notes in the code.
Source: www.darkreading.com