"Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack"

A new supply chain attack compromises networks by using a trojanized version of the Comm100 Live Chat application, which was actively available for download on Comm100's official website until September 29. The Comm100 Live Chat application, which has over 15,000 customers in 51 countries, enables organizations to communicate with real-time chat. According to CrowdStrike researchers, the malicious Comm100 installer was available for download on the company's website and was signed on September 26. Following CrowdStrike researchers' disclosure of their discovery, Comm100 released an updated installer (10.0.9) and is conducting an in-depth analysis to learn more about the attack. Despite the supply chain attack's relatively short lifespan, the malware was able to infect several organizations, with some infections still active. This article continues to discuss the trojanized version of the Comm100 Live Chat application.

Dark Reading reports "Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack"