Sergiu Gatlan reports:
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack.
3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.
[…]
According to alerts from security researchers from Sophos and CrowdStrike, the attackers are targeting both Windows and macOS users of the compromised 3CX softphone app.
Read more at BleepingComputer.