Chinese hackers exploit Canadian customer service firm
CrowdStrike found that a live chat app installer on Comm100’s website had been trojanized to deliver malware. Anyone who downloaded the app from September 27, 2022, through to the morning of September 29, 2022, is potentially affected by the malware, CrowdStrike reported, adding that the malware was detected at organizations from various industries – including industrial, healthcare, technology, manufacturing, insurance and telecommunications – in both North America and Europe.
The trojanized app installer was found to contain a backdoor that gathers host information and provides the hacker with remote shell functionality. Security researchers also noted that the trojanized installer was signed using a valid Comm100 certificate.
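Because the trojanized installer carried a valid Comm100 signature, a signature check on its own would have accepted it. The following added example (not code from the article, CrowdStrike or Comm100) shows the complementary control a defender would pair with signature checking: pinning the SHA-256 digest of a vendor installer to a known-good value published out of band and refusing any file whose digest differs, regardless of how it is signed. The installer bytes, the file name and the pinned digest here are all constructed for the example.

```python
import hashlib
import hmac
from pathlib import Path

# Constructed sample data: bytes standing in for a known-good installer and a
# modified copy of it. In practice the known-good digest comes from the vendor
# through a channel independent of the download site (e.g. a signed advisory).
GOOD_INSTALLER = b"live-chat-installer v1 (constructed sample)\n"
MODIFIED_INSTALLER = GOOD_INSTALLER + b"appended payload (constructed sample)\n"

# Pinned allowlist: file name -> expected SHA-256 hex digest.
# The file name is a hypothetical placeholder, not a real Comm100 artifact.
PINNED_HASHES = {
    "live-chat-installer.exe": hashlib.sha256(GOOD_INSTALLER).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def verify_installer(name: str, data: bytes) -> bool:
    """Return True only if `name` is pinned and `data` matches its pinned digest.

    A valid code signature is deliberately not consulted here: the point of the
    control is that a pinned digest catches a file that was modified and then
    re-signed with a legitimate certificate.
    """
    expected = PINNED_HASHES.get(name)
    if expected is None:
        # Unknown artifacts are rejected rather than silently trusted.
        return False
    # compare_digest avoids timing differences that depend on matching prefix length.
    return hmac.compare_digest(sha256_hex(data), expected)


def verify_installer_file(path: str) -> bool:
    """Same check for a file on disk, keyed by its base name."""
    p = Path(path)
    if not p.is_file():
        return False
    return verify_installer(p.name, p.read_bytes())


if __name__ == "__main__":
    # Demonstration on the constructed samples.
    print("known-good installer accepted:",
          verify_installer("live-chat-installer.exe", GOOD_INSTALLER))
    print("modified installer accepted:  ",
          verify_installer("live-chat-installer.exe", MODIFIED_INSTALLER))
```

The allowlist would normally be maintained in configuration management and refreshed only from the vendor's out-of-band publication; an entry that cannot be confirmed through that channel is better left absent, since an unknown name is rejected by default.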
CrowdStrike stated that it is “moderately” confident that the threat actors responsible for the Comm100 supply chain attack have a China nexus, based on the Chinese-language comment in the malware. It was also suspected that the threat actors are the same hackers who previously launched cyberattacks against online gambling businesses in East and Southeast Asia.
Comm100 said in a message last week that it had fixed its software, and that more details on the breach would be released soon. The scope of the malware exploit is unclear, but Reuters reported that Comm100 had over 15,000 customers in some 80 countries, citing information on the company’s website.