Posted

Kaspersky's Blog makes reference to the recent so-called supply chain attack involving 3CX and its desktop app. What is not mentioned is Kaspersky's response to same with regard to its product HAVING been able to detect and deter the issue found on 3/30 where today is 4/2. The only reference is that the MDR recommends uninstalling the affected program. While this is understandable, it does not provide information as to whether or not Kaspersky would have discovered, reported or done anything to the malware prior to it being reported publicly and if the malware flew under the radar in the meantime. In other words, how do we as users of Kaspersky know if the threat protection worked? Perhaps I was not infected. How do we come to grips with what info may have been collected or otherwise have been compromised and if there might still be remnants left over? What is Kaspersky doing in the meantime to address the malware if not addressed already?

 

Thanks, using Win 11 Pro, 22H2, 22621.1413 with Kaspersky Small Office Security 7, version 20.0.14.2085 (n)

Posted

We have Kaspersky MDR and it blocked the 3CX desktop app on March 30.

The first version of the app that is known to be compromised is the 18.12.407 (the March version). We don't know if we didn't start installing the compromised version before that date or if it wasn't flagged.

Alarms by some security vendors, about the compromised version, started around 22 March but were mostly classed as false positives. But the malware seems to be dormant for at least 7 days (+ some random number) after its installation. Which would, maybe, explain why it really started to be noticed on 29 March.
