VOIP/PBX software 3CX abused for sideloading attack
A trojanized version of the popular phone system VOIP/PBX software 3CX is currently making headlines. The business phone system is used by companies in 190 countries worldwide. An installation program including a Trojan is foisted on Windows users via a DLL sideloading attack. The attack appears to have been a supply chain attack, which allowed attackers to add a desktop application installer that ultimately sideloaded a malicious, encrypted payload via a DLL. Phone system secretly attacked Mat Gangwer, VP Managed Threat Response at Sophos on the current situation: "The attackers managed to manipulate the application to create a...