Shulou(Shulou.com)11/24 Report--

CTOnews.com April 1 news, VoIP communications company 3CX was hacked on Wednesday night, in a large-scale supply chain attack, distributed Windows applications containing Trojans.

The hacker's attack is a 10-year-old Windows vulnerability, and the executable appears to have been legally signed. To make matters worse, Microsoft removed the fix from its Win11 system.

Microsoft released a patch a long time ago, but the installation of the device is not mandatory and is still an "optional update."

Hackers have replaced two DLL used by Windows desktop applications, and once the device runs these malicious applications, it will download information, steal Trojans and other malicious software.

CTOnews.com learned from the report that one of the DLL files was a legitimate DLL:d3dcompiler_47.dll signed by Microsoft, but the hackers modified the DLL to include an encrypted malicious payload at the end of the file.

While the device runs this malware, the Windows system still appears to be officially signed by Microsoft.

Microsoft first disclosed this vulnerability on December 10, 2013, and explained that it can add content to the signature part of EXE's CAPTCHA signature (WIN_CERTIFICATE structure) in the signed executable file without invalidating the signature.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.