
CrowdStrike Falcon® Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer

Blog post from Crowdstrike

Post Details
Word Count: 2,822
Language: English
Summary

The CrowdStrike Falcon® platform has identified a new supply chain attack involving a trojanized installer for the Comm100 Live Chat application. The installer was downloadable from the company's website, and the attack affected various sectors in North America and Europe. Occurring between September 27 and September 29, 2022, the attack delivered malware via a signed installer and is believed to have a China nexus, based on moderate-confidence assessments by CrowdStrike Intelligence. The platform uses machine learning and artificial intelligence as part of a defense-in-depth approach to detect and mitigate such threats in real time. CrowdStrike's investigation revealed that the malicious installer contained a JavaScript backdoor, which facilitated further malicious activity, including the installation of additional malware. Comm100 has since released an updated installer, and affected users are advised to update their software promptly. The incident highlights the critical role of advanced cybersecurity measures in protecting against sophisticated breaches such as supply chain attacks.