Attackers hijacked the installer of a popular commercial chat provider to spread malware, according to a report published Friday by cybersecurity firm CrowdStrike.
The attack targeted Comm100, which provides chat services on websites and social media. The strategy used by the assailants appears to echo the supply chain mechanism used in the widely disruptive SolarWinds attacks, targeting a popular software provider to get a foot in the door of victims’ systems.
The attack delivered trojan malware through an installer for Comm100’s Windows Desktop agent software, which was available on the company website and signed with a valid Comm100 certificate dated September 26, 2022, according to CrowdStrike. The trojanized installer remained available until the morning of September 29.
The malware embedded in the installer would surreptitiously connect to a remote command-and-control server, creating a backdoor into infected systems that the attackers then sought to exploit by installing further malicious software, according to CrowdStrike.