New supply chain attack via trojanized chat installer identified
The US cybersecurity team CrowdStrike Falcon identified a supply chain attack during the installation of a chat-based customer engagement platform, Comm100 Live Chat. Investigations show that the malware was delivered from a signed Comm100 Installer that could be downloaded from the company’s website. CrowdStrike stated that the payload delivered through this supply chain attack targeting online gambling entities in Asia is different from the incidents hackers executed in the past. Considering the pattern of behavior, CrowdStrike stated that the hackers are suspected to have a nexus with China.