Researchers at Mandiant Consulting say a compromise of 3CX desktop application software disclosed last month was facilitated by another, separate software supply chain breach of a rogue third-party stock trading application downloaded by an employee.
In March, 3CX chief information security officer Pierre Jourdan announced that an update for the Windows and Mac versions of the company’s Electron desktop application software had been corrupted by a malicious actor, leaving any customers who downloaded it vulnerable to a range of different malware attacks, browser data mining, credential theft and the deployment of command shells.
At the time, Jourdan blamed the infected build on “one of the bundled [software] libraries we compiled into the Windows Electron App” but the initial disclosure did not identify or specify the affected software, nor did an April 11 interim assessment from Mandiant, which was hired to lead the investigation.
Now in an update Thursday, the Google-owned Mandiant said it has identified what it believes to be the initial intrusion vector: an outdated and corrupted version of X_Trader, a software program used to trade stocks and futures.
Charles Carmakal, chief technology officer at Mandiant, told reporters Wednesday that the compromise began in 2022 when a 3CX employee downloaded a version of X_Trader from the Trading Technologies website that contained a backdoor exploit similar to the one discovered in 3CX’s desktop app. The affected version of X_Trader was discontinued in 2020, but according to Mandiant it was still available for download on the Trading Technologies