
Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Investigations of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; they also found that more applications and their respective versions had been affected and established that attacks began much earlier than their first reckoning on Sept. 29, 2022.

What is a supply-chain attack?

A supply-chain attack is an incident in which malicious actors use an application’s installer to spread malicious code to the end user. In the Comm100 case, performance monitoring software and gaming applications were also affected by the cyberattack.

How does it work?

In the case of supply-chain attacks, attackers can embed code in installers (or other components) that are distributed via legitimate distribution channels such as popular download sites. This allows them to get their malicious files into users’ devices without having direct access to them.

Do I have to install any malicious software?

No. As with other malware, attackers can embed their malicious code into an installer’s files or program components in a way that makes the user think it is part of the app they are actually installing. Attackers use this approach to bypass input validation and for other reasons.

What information does the attacker get from me?

Attackers can get access to information such as app usage data, personal data and installed software details by installing malicious code on your device.

What is Comm100?

Comm100 is an enterprise chat app that enables supply chain employees to communicate more effectively with customers.

Source: Probing Weaponized Chat Applications Abused in Supply-Chain Attacks - AlienVault - Open Threat Exchange
