Comm100
Comm100 chat installer delivered backdoor malware.
Attackers compromised the official website of Comm100, a customer engagement software vendor, to distribute a trojanized version of its Windows Desktop Agent installer. The installer, signed with a valid Comm100 certificate, contained a JavaScript backdoor leading to potential remote shell access and further malware deployment.
- Date: 2022-09-27 to 2022-09-29
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Website compromise
What Was Affected
- Package: Comm100
- Component: Application
- Artifact type: binary archive
- Domain type: project download host
- Domain: comm100.com
Compromised Versions
- Comm100LiveChat-Setup-win.exe versions 10.0.7, 10.0.8
Incident Context
- Motive: Espionage
- Attribution: Nation-state
- Transitive: No
- User Impact: 1000
- Observed Duration: 2 days
Evidence
Compromised Artifacts
- s1.comm100.com/livechat/electron/10.0.7/Comm100LiveChat-Setup-win.exe
- s1.comm100.com/livechat/electron/10.0.8/Comm100LiveChat-Setup-win.exe
- comm100.com/livechat/platform/desktopapp/Comm100LiveChatSetup.exe
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:6f0fae95f5637710d1464b42ba49f9533443181262f78805d3ff13bea3b8fd45
- sha256:ac5c0823d623a7999f0db345611084e0a494770c3d6dd5feeba4199deee82b86
External References
Source Data
Source record: proprietary/com100/meta.yaml