Skip to main content

The 3CX Desktop App – Supply Chain Attack

Cybersecurity experts have uncovered a supply chain attack on the 3CX DesktopApp, causing concerns in the security community. The 3CX Desktop App is a softphone application businesses use to make and receive calls on their computers or mobile devices. This attack is similar to the SolarWinds incident, where malicious code was introduced into a software update of a legitimate product used by several organizations, causing widespread damage.

With the world moving towards web-based applications, businesses are shifting away from traditional app-based solutions. The recent 3CX Desktop App supply chain attack is a clear sign that businesses must prioritise web-based solutions to ensure their data and infrastructure are safe from malicious activity. This attack has raised concerns in the security community, and businesses must take action to protect their networks and devices.

In this blog, we will explore the 3CX Desktop App supply chain attack, what it means for your business, and how to mitigate the risk of being compromised.

What is 3CX?

3CX is a phone system for businesses that allows you to make and receive calls using the internet instead of traditional phone lines. It’s software-based, which means it runs on your computer or mobile device instead of requiring expensive hardware like a traditional PBX phone system. This can save you money and provide more flexibility in how you use your phone system. Over 600,000 customers use it in 190 countries, including well-known names like American Express, BMW, Honda, Ikea, Pepsi, and Toyota.

The Supply Chain Attack on the 3CX Desktop App

The 3CX Desktop App has been infected with harmful software that can be used to steal important information from your computer or mobile device. This harmful software is called a Trojan, and it is the first part of a series of attacks that can take over your device and steal your data. This type of attack is known as a supply chain attack, where hackers compromise a trusted vendor to gain access to their customers. The attack has been ongoing for a while, and it was discovered around March 22, 2023. Cybersecurity experts are tracking the activity of the attackers and have named it Smooth Operator.

 What This Means for Users

The 3CX Desktop App attack is a supply chain attack, meaning that the threat actors compromise a trusted vendor to gain access to their customers. In this case, the 3CX Desktop App was found to have malicious code within the software, enabling it to make calls to threat-actor-controlled infrastructure, deploy second-stage payloads, and exhibit hands-on keyboard activity.

This activity poses a significant threat to businesses and organizations that use this software, potentially compromising sensitive information and leading to significant financial and reputational damage. Suppose your organisation uses the 3CX Desktop App. In that case, taking immediate action to protect your network and devices is crucial by implementing mitigation steps recommended by security organizations and staying current on the latest security threats.

Mitigation Steps to Try

For customers using the 3CX Desktop App, you can take several mitigation steps to protect your network and devices. One recommended step is implementing allow listing, which explicitly blocks known malicious files from executing. If your organization has allowed listing capabilities, like Airlock Digital, Rhipe, a cloud solutions and services distributor, has provided the following mitigation steps for customers with 3CX running. You can take the following actions, according to rhipe (2023):

To block by hash:

Add the application hash for the known compromised version of the software and the installer to prevent the file from executing (see table below).

In Airlock, go to Blocklists and right-click on Blocklists, then Select “Create Blocklist Package”.

Instructions to block 3CX Desktop App Hack

Name the package “3CX DesktopApp”.

3CX Step the import hashes

Right-click on the newly created package and select “Import Hashes”.

Blocklist on 3cx app

Paste all the hashes from the table below into the pop-up box and select “Extract Hashes”.

Intructions for 3CX Desktop App

Select “Bulk Add”, then select “Add selected to Blocklist Package”, and click “OK”

3CX Desktop App .exe using a metadata type block rule

In the same blocklist package created in the previous step, expand Blocklist Metadata Rules > right click add new rule > select Operating system > Add Criteria > Select Original Filename and type 3CXDesktopApp and save.

Do this for each OSType in your organisation.

Block 3CX threat by file name

Once completed, approve the blocklist at the root of your policy folder by selecting policies > expanding Blocklists > right-click Enable (Enforced).

File Details 

SHA256 Operating System Installer SHA256 File Name
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc Windows aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868 3cxdesktopapp-18.12.407.msi
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405 Windows 59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983 3cxdesktopapp-18.12.416.msi
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61 macOS 5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290 3CXDesktopApp-18.11.1213.dmg
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb macOS e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec 3cxdesktopapp-latest.dmg

At Databox Solutions, we offer VoipExpress, a reliable and up-to-date product that comes with additional security measures like data encryption and network security. If you have any questions about the 3CX DesktopApp supply chain attack or the information provided, please contact your Partner Account Manager.

How Datbox Solutions Can Assist?

At Databox Solutions, we understand the importance of staying ahead of the curve regarding technology. That’s why we offer VoipExpress, a web-based solution that provides an affordable and customizable VoIP phone system for your business needs. With web-based solutions like VoipExpress, businesses can stay protected from supply chain attacks like the recent 3CX DesktopApp attack, as web-based systems are generally more secure and have greater flexibility to implement security measures.

VoIP Express offers a web-based phone system not limited to one device, allowing you to work from anywhere and stay connected to your customers and colleagues. VoIP Express can enhance communication channels and streamline business operations with a wide range of features and capabilities, such as call forwarding, voicemail, video conferencing, and SMS/MMS messaging.

In addition, VoIP Express provides a cost-effective solution compatible with various devices and integrates with other business systems and software to enhance their functionality. With a strong emphasis on after-sale care and customer satisfaction, VoIP Express is dedicated to finding the right phone system for your business needs. Join VoIP Express today and experience a web-based phone system’s flexibility, features, and cost-effectiveness.

If you have concerns about the 3CX Desktop App supply chain attack or want to learn more about how VoIP Express can benefit your organization, don’t hesitate to contact your Partner Account Manager. Our team is here to help you stay informed and protected against any potential threats, so you can focus on what really matters – growing your business.


The 3CX DesktopApp supply chain attack is a serious threat to businesses. Still, with the right tools and mitigation steps, such as allowing listing and switching to VoipExpress from Databox Solutions, you can minimize the risk and protect your organisation. Remember to stay vigilant and updated on the latest security threats to keep your business safe.

3cx phone app meme

More Posts

Contact Us