First the bad news: 

Major security monitoring companies such as Huntress and Sentinel One (both are security partners of wedoIT) are reporting that the 3CX VoIP Desktop Application has been compromised. Apparently, the application has been infected allowing it to deliver trojanized malware via legitimate 3CX updates.

Now the good news:

wedoIT does not use, recommend, or provide 3CX products to any of its customers, so to the best of our knowledge this information does not directly impact any of our client partners. That being said, it is still important information to understand in case you are a customer/client of 3CX or considering using their VoIP Desktop Application products.

What is the 3CX VoIP Desktop Application?

3CX is an international business communications software company.Its VoIP Desktop Application is a popular voice and video conferencing software product used by 600,000 3CX customer companies with 12 million daily users. It is categorized as a Private Automatic Branch Exchange (PABX) enterprise call routing platform. The 3CX PBX client is available for Windows, macOS, and Linux. There are also mobile versions for Android and iOS, as well as a Chrome extension.

What the infection achieves:

PBX software such as that provided by 3CX is an attractive target for cybercriminals. The software monitors an organization’s communications. Infecting it allows malicious actors to modify call routing or broker connections into voice services from the outside. There have been other instances where hackers have used PBX and VOIP software to deploy additional payloads. This trojanized infection introduces malware into the App software that is typically the first stage in a multi-stage attack.

What’s being done about it?

SentinelOne first noted unusual activity concerning the 3CX Desktop App on March 22, 2023. As a matter of course it initiated efforts with its clients to contain and mitigate the problem. Huntress also detected malicious activity at this time. As a matter of course, both companies initiated efforts with their clients to contain and mitigate the problem. They are currently working to assess and address the scope of the situation.

3CX is also aware of the problem and is currently working to resolve. Investigations are underway to identify the cybercriminals involved. An update was released on March 30 with respect to the ongoing supply chain intrusion impacting versions of 3CX Desktop App going back as far as January 2023’s 18.11.1213 release for macOS. A subsequent security patch has also been released.

What you should do: 

Despite these efforts, 3CX strongly recommends that ALL users avoid the desktop-based Electron application “unless it is absolutely necessary”. According to Huntress, it is anticipated that a root cause analysis on the incident will not be concluded for some time. They are advising users to look for alternative VoIP solutions for the foreseeable future.

As we’ve said, wedoIT does not partner with 3CX or provide 3CX VoIP products. We are however a full-service VoIP solutions provider. If you have questions or concerns about your current or future VoIP needs, contact us today at yes@wedoIT.co and we’d be happy to discuss.