Hackers Compromise Corporate Chat Software
China-based hackers plant malware in installer of popular customer service chat software to breach corporate networks in North America and Europe
Computer security firm CrowdStrike said hackers likely to be based in China planted malware in widely used customer service chat software from Canadian firm Com100 in a supply-chain compromise recalling that of SolarWinds two years ago.
The attack was detected late last week and the malware was probably present in Com100’s Live Chat application installer for a couple of days before being detected.
Com100, based in Vancouver, British Columbia, has since removed the malware and issued a new version of the installer.
Compromised installer
CrowdStrike didn’t indicate how many of Com100’s customers were affected, but said the malware hit firms in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe.
The firm said the malware was in place at least from 27 September until the morning of 29 September.
The malicious installer was signed with a valid Comm100 Network Corporation certificate on 26 September, CrowdStrike said.
The compromised installer contained a JavaScript backdoor that downloaded and executed a second-stage script from a server based on Amazon Web Services (AWS) infrastructure.
China-based group
Researchers found that hackers had installed additional malware on affected systems.
CrowdStrike said it believed the attackers were a China-based group known to have previously attacked online gambling entities in East and Southeast Asia, based on similarities in the methods used and the presence of Chinese-language comments in the malware.
The supply-chain attack recalls the compromise of software made by SolarWinds that hackers used in late 2020 to compromise a range of US government bodies and private companies.