Comm100 Application Trojan Discovered, Potential Supply Chain Attack Similar to SolarWinds

Cyberthreat.id – The American cybersecurity company CrowdStrike has discovered malware (malware/malicious program) distributed by Comm100.

Comm100 is a customer service company based in Vancouver, Canada. They provide application services including chatbot and social media management spread across a number of countries.

On its website, Comm100 says it has more than 15,000 subscribers in around 80 countries.

However, so far it is unclear how the scope and scale of the hack uses malware the.

CrowdStrike mentions that the attack falls under the category of “supply chain compromises”, similar to the SolarWinds hacking incident that came to light in late 2020. (Lily: There are 62 entities in Indonesia that are vulnerable to the Orion SolarWinds hack)

“The supply chain attack used fitter app trojan Comm100 Live Chat“, said CrowdStrike in corporate blogFriday (September 30, 2022).

The attack is believed to have occurred between September 27 and 29, 2022. The Trojan file type (malware which imitate official applications, commonly used to spy or steal data) has been identified as having attacked a number of sectors such as hospitals, technology companies, insurance and telecommunications in North America (United States and Canada ) and in Europe.

“CrowdStrike Intelligence is confident that the actor responsible for this attack may have ties to China,” the company wrote.

How does attack mode work?

CrowdStrike researchers describe that malware is distributed via fitter application Comm100 downloadable from the company’s website.

Need to know that fitter valid certificate signed Comm100 Network Corporation available September 26 at 2:54 PM UTC (21:00 WIB).

While CrowdStrike finds that “Microsoft Windows 7+ desktop agents hosted on https[:]//dash11.comm100[.] io/livechat/electron/10000/Comm100LiveChat-Setup-win.exe available until the morning of September 29 is an installer trojan.

Since this discovery, Com100 claims to have fixed the vulnerability by releasing the latest installer version 10.0.9.

Believing the attack originated from Chinese hackers, CrowdStrike CEO Adam Meyers said Reutersthat the allegations are based on the behavior patterns of the malware, the language of the code and the fact that “a victim has already been targeted multiple times by Chinese hackers”, he said.

The Chinese government has denied the allegations. In an email, Chinese Embassy spokesman Liu Pengyu said officials in Beijing “firmly oppose and suppress all forms of cyber piracy in accordance with law” and that the United States are “very active in fabricating and spreading lies about so-called Chinese”. The Pirates.” “[]

Matilda Baker

"Evil pop culture fanatic. Extreme bacon geek. Food junkie. Thinker. Hipster-friendly travel nerd. Coffee buff."

Leave a Reply

Your email address will not be published. Required fields are marked *