Comm100 Live Chat Supply Chain Attack

Updated on 2022-10-04

Cyber adversaries hijacked the installer for commercial chat provider Comm100 to propagate a trojan malware via its Windows Desktop agent software. Read more: Report: Commercial chat provider hijacked to spread malware in supply chain attack

Updated on 2022-10-03: Comm100 supply chain attack

CrowdStrike said on Friday that it detected that a suspected Chinese threat actor compromised the infrastructure of Comm100, a Canadian company that provides customer support chat applications, and has modified one of its installers to deliver malware to its customers’ networks. The security vendor said the compromise was short-lived and only lasted from September 27 through September 29, when its security team detected malware being delivered through the platform.

The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe.

Read more:

• CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer
• Comm100 Agent Desktop App

Overview: Comm100 Live Chat Supply Chain Attack

The CrowdStrike Falcon Platform has identified a supply chain attack targeting the Comm100 Live Chat app. Attackers Trojanized an installer for the Comm100 Live Chat app; the malicious version of the installer appears to have been available between September 26 and 29. Comm100 has since released an updated installer (version 10.0.9).

Note

• If you’re using the Comm 100 live chat app make sure that you’re using the updated installer. Make sure that your EDR platform can detect malicious installers.

Read more in

• CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer
• Live support service hacked to spread malware in supply chain attack
• Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack
• Supply Chain Attack Targets Customer Engagement Firm Comm100