May 24, 2024 at 06:00AM
The JAVS Viewer courtroom video recording software developed by Justice AV Solutions (JAVS) has been targeted in a software supply chain attack, in which a trojanized installer delivered the RustDoor backdoor. Cybersecurity firm Rapid7 discovered the attack and reported that the compromised installer and the executable it drops were signed with an Authenticode certificate issued to a different entity than JAVS. JAVS has taken remediation steps and advises users to verify the digital signature of the software they have installed and to update to the latest version.
Key takeaways:
– Malicious actors have compromised the installer for Justice AV Solutions (JAVS) courtroom video recording software and delivered malware, specifically the RustDoor backdoor.
– The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8.
– Cybersecurity firm Rapid7 discovered a malicious executable named “fffmpeg.exe” (a look-alike of the legitimate ffmpeg.exe) in the software’s Windows installation folder, leading to the identification of the compromised installer “JAVS Viewer Setup 8.3.7.250-1.exe”, which had been served from the official JAVS site.
– Upon execution, the malware establishes contact with a command-and-control (C&C) server, executes obfuscated PowerShell scripts, and attempts to download additional payloads, including one masquerading as a Google Chrome installer.
– The compromised installer and “fffmpeg.exe” were signed by an Authenticode certificate issued to “Vanguard Tech Limited,” which differs from the legitimate signing entity, “Justice AV Solutions Inc.” A signature that validates on its own can still belong to the wrong party, so the check has to be on the signer’s identity, not merely on whether the signature is valid.
– The malware is RustDoor, a backdoor with both macOS and Windows variants (the Windows variant is also tracked as GateDoor), and the family has previously been linked to the ransomware-as-a-service (RaaS) affiliate ShadowSyndicate.
– JAVS acknowledged the security issue and has taken steps to address it, including pulling the impacted version from the website, conducting a full audit of systems, and encouraging users to verify digitally signed software.
Users are advised to check for indicators of compromise (IoCs), re-image affected endpoints, reset credentials, and update to the latest version of JAVS Viewer to mitigate risk.
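The verification step above (confirm the signer, then look for the dropped binary) is easy to get subtly wrong, because the malicious files carry a signature that validates; only the subject name is wrong. The following PowerShell script is an added example written for this page, not code from JAVS or Rapid7. It assumes the legitimate certificate subject contains `CN=Justice AV Solutions Inc.` (the page names the entity but not the exact distinguished name), and it takes the install directory as a parameter because the page does not give the path.

```powershell
# Added example, not JAVS or Rapid7 code.
# Checks the Authenticode signer of the JAVS installer and hunts for the
# fffmpeg.exe indicator of compromise in the install folder.
#
# Assumptions (not stated on the page):
#   - the legitimate subject CN is exactly "Justice AV Solutions Inc."
#   - the default install directory below; override -InstallDir to match your deployment
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    [string] $InstallDir = "$env:ProgramFiles\JAVS"   # assumed default path
)

$ExpectedSigner = 'Justice AV Solutions Inc.'
$KnownBadSigner = 'Vanguard Tech Limited'

function Test-JavsSigner {
    param([Parameter(Mandatory)] [string] $Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    $result = [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status          # Valid / NotSigned / HashMismatch / ...
        Subject = $subject
        Verdict = ''
    }

    if ($sig.Status -ne 'Valid') {
        # Tampered, unsigned, or chain does not validate on this host.
        $result.Verdict = "FAIL: signature status is $($sig.Status)"
    } elseif ($subject -like "*$KnownBadSigner*") {
        # The signature itself validates; the identity is what gives it away.
        $result.Verdict = 'FAIL: signed by the certificate tied to the compromised build'
    } elseif ($subject -notlike "*CN=$ExpectedSigner*") {
        $result.Verdict = "FAIL: unexpected signer '$subject'"
    } else {
        $result.Verdict = 'PASS'
    }
    return $result
}

# 1. Verify the installer before it is ever executed.
Test-JavsSigner -Path $InstallerPath | Format-List

# 2. Look for the dropped binary Rapid7 reported and examine it the same way.
$ioc = Get-ChildItem -Path $InstallDir -Filter 'fffmpeg.exe' -Recurse -ErrorAction SilentlyContinue
if ($ioc) {
    foreach ($f in $ioc) {
        Write-Warning "IoC present: $($f.FullName)"
        Test-JavsSigner -Path $f.FullName | Format-List
        # Record the hash so it can be compared against the published IoC list.
        Get-FileHash -Path $f.FullName -Algorithm SHA256 | Format-List
    }
} else {
    Write-Output "No fffmpeg.exe found under $InstallDir"
}
```

The order of the checks matters: a file signed with a certificate legitimately issued to "Vanguard Tech Limited" reports `Status = Valid`, so a script that stops at "is the signature valid?" passes the compromised installer. Comparing the subject against the expected signer is the test that actually catches this case. A hit on `fffmpeg.exe` should be treated as a compromised host and handled per the guidance above (re-image, reset credentials), not just cleaned up by deleting the file.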