Comm100 Chat Application Hacked to Spread Malware in Supply Chain Attack

The Comm100 chat application was hacked to spread malware in a supply chain attack that used a trojanized installer to distribute a JavaScript backdoor.

CrowdStrike, a cybersecurity firm, said the attack involved a signed Comm100 desktop agent app for Windows that was downloadable from the company’s website.

There is currently no information as to how many companies have been affected by the attack, but it is known that the trojanized file has been reported at organizations in North America and Europe.

Comm100 is a Canadian company whose mission is to help enterprises create meaningful customer conversations. They have clients in 51 countries, many of which are large corporations.

“The installer was signed with a trusted certificate on September 26, 2022, at 2:54 pm,” and remained available until September 29, said CrowdStrike.

When run, the program launches a second-stage script that contacts a remote server, giving the attacker the ability to carry out further actions on the system.

As part of their post-exploitation activities, the attackers deploy a program called MidlrtMd.dll, which launches in-memory shellcode that injects malicious code into the system, targeting Notepad.

Compromising companies in the supply chain can impair all networks downstream. For example, hackers from a Russian APT were able to compromise the software provider Kaseya, giving them access to potentially thousands of enterprises.
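As an added illustration (not code from the article, CrowdStrike or Comm100), the following Python detection walks constructed endpoint telemetry for the two behaviours described above: a signed installer spawning a script host that connects out, and a process loading MidlrtMd.dll before injecting into Notepad. The event field names, the script-host list and all sample events are assumptions.

```python
# Added example: a minimal behavioural detection over constructed telemetry.
# Event shape (assumed): process_start / network_connect / image_load / remote_thread.
SCRIPT_HOSTS = {"node.exe", "wscript.exe", "cscript.exe", "powershell.exe"}  # assumed list
SUSPICIOUS_DLL = "midlrtmd.dll"  # DLL name taken from the article; path is not known


def base(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious_chains(events):
    """Return (rule, actor, target) tuples for the two chains described in the article:
    - a signed parent spawning a script host that then makes an outbound connection;
    - a process that loads MidlrtMd.dll and then creates a remote thread in notepad.exe."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_start"}
    connected = {e["pid"] for e in events if e["type"] == "network_connect"}
    loaded_dll = {e["pid"] for e in events
                  if e["type"] == "image_load" and base(e["image"]) == SUSPICIOUS_DLL}
    findings = []
    for e in events:
        if e["type"] == "process_start" and base(e["image"]) in SCRIPT_HOSTS:
            parent = procs.get(e["ppid"])
            if parent and parent.get("signed") and e["pid"] in connected:
                findings.append(("signed_parent_script_beacon", base(parent["image"]), base(e["image"])))
        elif e["type"] == "remote_thread" and base(e["target"]) == "notepad.exe" and e["pid"] in loaded_dll:
            findings.append(("dll_load_then_notepad_inject", base(procs[e["pid"]]["image"]), base(e["target"])))
    return findings


# Constructed sample telemetry (not real IoCs): a trojanized, signed installer chain
# followed by a benign signed parent that spawns PowerShell without any connection.
SAMPLE_EVENTS = [
    {"type": "process_start", "pid": 100, "ppid": 1, "image": "C:\\Users\\u\\Downloads\\agent_setup.exe", "signed": True},
    {"type": "process_start", "pid": 101, "ppid": 100, "image": "C:\\Program Files\\Agent\\node.exe", "signed": False},
    {"type": "network_connect", "pid": 101, "dest": "203.0.113.10:443"},
    {"type": "process_start", "pid": 102, "ppid": 101, "image": "C:\\Windows\\System32\\rundll32.exe", "signed": True},
    {"type": "image_load", "pid": 102, "image": "C:\\ProgramData\\MidlrtMd.dll"},
    {"type": "remote_thread", "pid": 102, "target": "C:\\Windows\\System32\\notepad.exe"},
    {"type": "process_start", "pid": 200, "ppid": 1, "image": "C:\\Windows\\explorer.exe", "signed": True},
    {"type": "process_start", "pid": 201, "ppid": 200, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "signed": True},
]

if __name__ == "__main__":
    for finding in find_suspicious_chains(SAMPLE_EVENTS):
        print(finding)
```

The benign explorer.exe → powershell.exe pair produces no finding because no outbound connection follows, which keeps the first rule from firing on ordinary signed parents that launch scripts.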

As of now, no security vendors flag the installers as malicious, but following responsible disclosure, the issue has since been addressed with the release of an updated installer.

The attack has been tied to China by the presence of Chinese-language strings in the software and by the group's targeting of the gambling industry.

The payload here is different from that of other malware previously seen by this group, which may indicate an expansion.

As of now, the attackers haven’t been found and it’s unclear how they were able to gain access to the servers and tamper with the installer.

The name of the adversary is unknown, yet CrowdStrike has discovered a threat actor using an AI named Earth Berberoka.
