Cybercriminals compromise 3CX desktop app in a supply chain attack
A compromised and digitally signed version of the 3CX Voice over Internet Protocol (VoIP) desktop client is allegedly being exploited in an ongoing supply chain attack against the company's customers.

3CX is a major VoIP IPBX software development company with a vast customer base, including high-profile clients from various industries. This wide reach makes it an attractive target for threat actors seeking to compromise a large number of organizations. The 3CX Phone System is used by over 600,000 companies globally, with more than 12 million daily users. High-profile clients include American Express, Coca-Cola, McDonald's, BMW, Honda, Air France, NHS, Toyota, Mercedes-Benz, IKEA, and Holiday Inn.

Security researchers from Critical Path Security, Sophos and CrowdStrike have issued alerts, stating that the attackers are targeting both Windows and macOS users of the compromised 3CX softphone application. Security researchers have raised concerns about attackers targeting both Windows and macOS users of the compromised 3CX…