It’s all in the subject line.
Thanks.
When the MSI or update is installed, it will extract malicious ffmpeg.dll [VirusTotal] and the d3dcompiler_47.dll [VirusTotal] DLL files, which are used to perform the next stage of the attack.
https://www.virustotal.com/gui/file/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896?nocache=1
Thanks for that info, Pondus, very informative as always.
Happy Easter to you as well.
And for all: “Never put all your eggs in one and the same basket”.
Additionally, after the supply chain attack a newer version was launched.
Install this latest version, which apparently is not flagged by any AV vendor:
https://www.virustotal.com/gui/url/f933a56503f1ad8fe9ca16db4af721b25fb85b5f5fe1a0f88cb8b6d7e73d10e6?nocache=1
Communicating file flagged: 2023-03-31
1/60 Windows Installer 3CXPhoneforWindows.msi
Read from them for the Windows installer; from their forums I read:
Re: https://www.3cx.com/community/threads/new-desktop-app-build-number-18-12-425-released.120123/
polonus
Thank you both. We’re running the “legacy” desktop app, which appears to be unaffected by this issue.