Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Trend Micro's investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than the researchers had initially thought. Trend Micro researchers also found that more applications and their respective versions had been affected, and established that the attacks began much earlier than their first reckoning of Sept. 29, 2022.

Data from Trend Micro telemetry suggested that some versions of a similar customer engagement software, LiveHelp100, had also been weaponized. LiveHelp100 shares the same office address as Comm100, and both share one director. Findings from the investigation that began on Oct. 14, 2022 indicated that the client application had been loading backdoor scripts from the malicious actor’s infrastructure since Aug. 8, 2022. It is also worth noting that Trend Micro was able to identify a JavaScript backdoor injected in the web application of LiveHelp100 as early as February 2022. Trend Micro has sent messages to LiveHelp100 but has received no reply.

Source: Trend Micro