Live Support Software Spreading Malware as Part of Supply Chain Attack

The official installer for the Comm100 Live Chat Option, which businesses use for customer communication, has been trojanized as part of a new supply-chain attack. Researchers at CrowdStrike reported that the infected variant became available on September 26 and was active until September 29. The trojanized installer carried a valid digital signature, which would have stopped most anti-virus solutions from identifying it as malicious. The attacker implanted a JavaScript backdoor in the software which runs when downloaded. This backdoor then fetches a second-stage obfuscated script from a hard-coded URL, which gives the attackers remote shell access to the infected endpoints via the command line. Researchers have attributed this attack to a Chinese-speaking threat group, and more specifically to a cluster that has reportedly been targeting the Asian gambling community.

Analyst Notes

CrowdStrike informed Comm100 of the attack on its software, and the company immediately released a clean version on its website. Anyone with the software installed should make sure they have the latest version so that they remain protected. Companies should look into a service, such as Binary Defense’s Managed Detection and Response, that can look for abnormalities on endpoints and within networks in order to identify threats capable of bypassing traditional anti-virus.