Trojanized, Signed Comm100 Chat Installer Anchors Supply Chain Attack

Malicious Comm100 files have been found scattered throughout North America, and across sectors including tech, healthcare, manufacturing, telecom, insurance, and others.

Dark Reading Staff, Dark Reading

September 30, 2022

1 Min Read
abstract image depicting a supply chain cyberattack
Source: Skorzewiak via Alamy

A new supply chain attack uses a Trojanized version of the Comm 100 Live Chat Application to compromise networks, and until Sept. 29, it was actively available for download from Comm 100's official website. 

The Comm100 Live Chat application enables organizations to communicate with real-time chat and boasts more than 15,000 customers across 51 countries. 

Researchers with CrowdStrike reported the malicious Comm100 installer was available for download on the company's website and was signed on Sept. 26. 

Following the CrowdStrike disclosure, Comm100 has released an updated installer (10.0.9) on Thursday and is performing a deep analysis to learn more about the attack, the researchers said.  

Despite the relatively short lifespan of the supply chain attack, the malware was able to infect several organizations, with some infections still active.

"The trojanized file was identified at organizations in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe," the report on the supply chain attack said. 

The CrowdStrike team members added they are moderately confident the threat actors are from China, based on several factors, including the use of the Chinese language in notes in the code. 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights