
Trojanized Comm100 platform leveraged in supply chain attack

Numerous telecommunications, industrial, healthcare, technology, insurance, and manufacturing organizations in North America and Europe have been targeted in a new supply chain attack leveraging a trojanized version of the Comm100 Live Chat installer from Canadian customer engagement software firm Comm100, according to SecurityWeek. The threat actors behind the attack injected a JavaScript backdoor into the Comm100 installer, which facilitates second-stage script retrieval and execution, a CrowdStrike report showed. After deploying the backdoor, which has system information harvesting and remote shell capabilities, the trojanized installer then deploys a malicious loader DLL and other payloads to compromised devices. The report suspected Chinese hackers of being behind the operation, even though the payloads, targets, and supply chain methods differed from those in previously identified activity. "Despite these differences, CrowdStrike Intelligence assesses that the actor responsible for previously identified online gambling targeting is also likely responsible for these recent incidents," said CrowdStrike. Comm100 has already issued an updated installer that omits the malicious code.
