China-nexus actors abuse live chat platform to spread malware

Threat actors abused a free Comm100 Live Chat application to deliver payloads to organizations in the US and Europe.

The CrowdStrike Falcon platform identified a supply chain attack during the installation of Comm100 Live Chat, an application that enables organizations to communicate with their website visitors in real time.

CrowdStrike researchers said criminals were delivering malware via a signed Comm100 installer that could be downloaded from the company’s website.

“This attack occurred from at least September 27, 2022, through the morning of September 29, 2022. The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance, and telecommunications sectors in North America and Europe,” CrowdStrike said.

Based on Chinese comments in the malware and on the actor's tactics, techniques, and procedures, CrowdStrike assesses that the actor responsible for this attack likely has a China nexus. The same threat actor has been observed targeting online gambling entities in Asia, a previously established area of focus for China-nexus actors.

Comm100 has released an updated installer following the responsible disclosure by CrowdStrike.
