Skip to content

Latest commit

 

History

History
22 lines (12 loc) · 1.28 KB

Comm100-live-chat-trojan.md

File metadata and controls

22 lines (12 loc) · 1.28 KB

Compromised Comm100 Live Chat Application Infects Customers

Comm100 is a customer engagement software provider with at least 15,000 customers across 51 countries. The company’s website distributed a Trojanized "Live Chat" installer, signed with a valid Comm100 Network Corporation certificate, from at least September 27 until September 29, 2022.

Impact

According to CrowdStrike "the trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe".

"The Comm100 installer is an Electron application in which the attackers injected a JavaScript backdoor, within the main.js file of the embedded archive. When executed, the backdoor fetches and runs a second-stage script from an external resource" that "provides the attackers with remote shell functionality."

An updated Comm100 installer has been released.

Type of Compromise

This incident fits the Publishing Infrastructure definition.

References