
Justice AV Solutions (JAVS) Viewer

Incident Summary

The JAVS Viewer installer distributed a backdoor.

A specific JAVS Viewer release used for courtroom audio-visual recording was compromised through the official installer path. The backdoored build gave attackers potential full control of affected systems, placing covert access inside software trusted for legal records and evidence handling.

Date
2024-02-01 to 2024-05-10
Category
Commercial
Target Surface
Distribution
Insertion Phase
distribution
Impact
Backdoor
Cause
Compromised installer

What Was Affected

Package Justice AV Solutions (JAVS) Viewer
Language C++
Component Application
Artifact type binary archive
Domain type project download host
Domain javs.com

Compromised Versions

  • JAVS Viewer 8.3.7 (specific build 8.3.7.250-1)

Incident Context

Motive
Espionage
Transitive
No
Observed Duration
99 days

Evidence

Compromised Artifacts

  • JAVS Viewer Setup 8.3.7.250-1.exe, downloaded from javs.com (e.g., Rapid7 observed https://www.javs.com/download/45819/ hosting one malicious variant).

Current Artifacts and Analysis

Indicators and Changes

Hashes


External References

Source Data

Source record: proprietary/javs/meta.yaml