30th March 2023

3CX - Possible security issue with Desktop Application

Latest update:

While this is still an ongoing issue, we will be closing off this unplanned incident. However, we will continue to update our blog post with relevant information as it is made available to us. If you have any further questions, please do not hesitate to reach out to our support team.

History:


[2023-04-03 08:59:05 NZST] 3CX has provided a guide to assist with removing the 3CX Desktop Application: https://www.3cx.com/blog/news/uninstalling-the-desktop-app/

3CX's recommended actions continue to be:

  1. Uninstall the 3CX Electron Desktop Application from all Windows or Mac OS computers. (Note: this does not include the older 3CXPhone for Windows client.)
  2. Continue AV scans and EDR solutioning in your organization's networks for any potential malware with the latest signatures.
  3. Switch to using the PWA web client app rather than Desktop App.
    1. For installation, log in to the 3CX Web Client
    2. Click “Install 3CX” on top of your address bar. It doesn’t require installing any binary and runs within your browser sandbox.

[2023-04-01 08:50:29 NZDT] Google has invalidated the certificate used to sign 3CX Windows software, so for the time being multiple 3CX software installers will be shown as unsafe software when downloaded. The Web client and PWA (Progressive Web App) are still the best way to access a softphone on a Windows or Mac machine.

For more, please see 3CX's post: https://www.3cx.com/blog/news/chrome-blocks-latest-msi/


[2023-03-31 13:46:09 NZDT] More information on the situation, as well as the steps we're taking, can be found on our blog, which we will continue to update with relevant information in the future.


[2023-03-30 19:12:43 NZDT] There has been an acknowledgement from 3CX that the most recent version of the 3CX Desktop App, version 18.12.416, is the one affected. The recommendation from 3CX is to uninstall this manually, and they are working to release an updated application shortly.

In the event that this version has been installed, we recommend doing a malware scan on the affected machine at minimum.


[2023-03-30 18:15:56 NZDT] Further to our earlier update, we have identified a small number of PBXs that we know to be affected by this security issue, and we are in the process of reaching out to those customers directly to talk through next steps. However, as there has been limited word from 3CX regarding this incident, we cannot be 100% certain that other PBXs have not been affected. We are continuing to monitor this situation very closely and will continue to provide updates as they come to light. We have also added a post to our blog which provides some more information. If you have any questions, please do not hesitate to reach out to our support team or your account manager.


[2023-03-30 15:31:04 NZDT] We have published more information here: https://www.lightwirebusiness.com/blog/security-advisory-3cx-desktop-app/

As we're provided with more information, we'll update this event and the blog.


[2023-03-30 12:48:01 NZDT] Lightwire has become aware of a possible security issue affecting the 3CXDesktopApp softphone client for PC.

Our recommendation is that any end users with the 3CX Desktop Application (version 18) for Windows and Mac OSX uninstall it for the time being until more is known. This application is installed via the 3CX Web Client.

This vulnerability does not appear to affect the older 3CX for Windows application, which is still in version 16.

End users who are used to the affected application are recommended to use the 3CX Web Client in the meantime. The credentials to access this are provided in the Welcome Email. Please contact our service desk if you need these credentials re-sent.

At this point we are awaiting comment from 3CX regarding this possible issue. CrowdStrike has a writeup of what they have found available here: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/