By Simon Woodhead
We’ve been made aware of a possible serious vulnerability within 3CX. We’re not in a position to confirm this ourselves, but all 3CX users should be aware of it, and it has now been confirmed by the CEO.
According to CrowdStrike, the legitimate signed binary for 3CXDesktopApp – the softphone app available to download from the official 3CX website – has been observed performing serious malicious activity. This includes contacting actor-controlled infrastructure, deploying further payloads, accessing browser data (potential hijacking of sessions) and, in some cases, actual keyboard activity. This has been observed on both Windows and macOS.
Our advice would be to remove 3CX software from endpoints immediately until this is remedied by the vendor. They have started a new thread to update customers on it.
This is a timely point to remind all Simwood customers, using 3CX or otherwise, that our trunks provide unique granular visibility and control of all activity from your endpoints, whether under your control or not. It is also worth pointing out that in 2023, installing software clients when the same functionality is available in a browser leaves opportunity for this kind of thing.
We hope this won’t adversely affect any of our customers but stand ready to assist where we can.