3CX telephony Desktop Client Security Incident

On Wednesday evening, March 29, 2023, we were notified of a serious leak in the Desktop application of one of our VoIP solutions, 3CX.

In versions 18.12.407 and 18.12.416 for Windows and 18.11.1213 for macOS, malicious parties have placed malware to gain further access to systems. In the meantime, we recommend using fixed devices, the mobile app and/or the web application. How the malware could be added has not been disclosed. 3CX said it is conducting an investigation and will provide more information at a later date.

At Analyst ICT, we immediately checked all telephone exchanges and found that none of our end users are using the infected versions of the 3CX Desktop Client. This means that we can cautiously conclude that no damage or break-in has taken place via the 3CX Desktop Client.

We continuously monitor the latest news and will act immediately if action is required. If you still have questions and/or comments about the above news, please contact us by phone or e-mail. Below is the press release from www.security.nl

Security firms sound alarm over malware in desktop application 3CX - update

Several security companies are sounding the alarm about malware found in the official desktop application of the popular VoIP software 3CX. 3CX is one of the largest providers of business telephony solutions. The company claims to have six hundred thousand customers and 12 million daily users. 3CX also offers a Windows application to make calls or listen to voicemail from the desktop.

A library used by 3CX for its Windows application has been infected with malware, the company announced in a warning. It is now working on a new Windows app. In the meantime, customers are advised to use the web application. How the malware could have been added has not been disclosed. 3CX says it is investigating and will come up with more information later today.

The malware added to the desktop application downloads additional malware that steals information from the infected system and can give attackers further access, security companies SentinelOne, Sophos and CrowdStrike warn. The latter suspects that the attack is the work of a state actor.

Update

The installer of the macOS version of the desktop application was also provided with malware by the attackers, according to security researcher Patrick Wardle and 3CX CEO Nick Galea.
