31/3/2023
CrowdStrike has observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity. It has been rated 7.8 on the Common Vulnerability Scoring System (a 1 to 10 scale based on severity).