Date: 2023-04-02

The compromise of the 3CX desktop app has been known since the end of March. North Korean hackers have probably planted malicious code in the VoIP application, which is widely used by companies. The BSI has therefore now issued a warning at its second highest level.





The reports about the manipulated VoIP software are currently somewhat confusing. While the 3CX developers downplay the incident, security experts around the world are warning of the consequences of the malicious code injection.

The Federal Office for Information Security (BSI) has also issued a corresponding warning to users of the application. The BSI has declared its second highest warning level, "Level 3/Orange", for the manipulated 3CX desktop app: "The IT threat situation is business-critical. Massive impairment of regular operations," says a BSI report on the incident.

According to the BSI, the following desktop apps are affected:

for Windows: versions 18.12.407 and 18.12.416

for Mac: versions 18.11.1213, 18.12.402, 18.12.407 and 18.12.416

Although the software is signed by the manufacturer, it contains malicious components that function as a Trojan. According to the BSI, the app contains, among other things, a manipulated DLL file. After successful installation, this enables the application to establish a connection to a command and control server (C&C server) and then download malware. 3CX has now confirmed these reports, but also says that the connected servers are already down and there is no direct danger. Nonetheless, according to the company blog, it advises uninstalling the app and applying AV scans and EDR solutions. A patch is currently not available.

