We regret to inform our partners and customers that our Electron Windows App shipped in Update 7, version numbers 18.12.407 & 18.12.416, includes a security issue. Anti Virus vendors have flagged the executable 3CXDesktopApp.exe and in many cases uninstalled it. Electron Mac App version numbers 18.11.1213 shipped with Update 6, and 18.12.402, 18.12.407 & 18.12.416 in Update 7 are also affected.
The issue appears to be one of the bundled libraries that we compiled into the Windows Electron App via GIT. We’re still researching the matter to be able to provide a more in depth response later today. Here’s some information on what we’ve done so far.
Domains Have Been Taken Down
The domains contacted by this compromised library have already been reported, with the majority taken down overnight. A github repository which listed them has also been shut down, effectively rendering it harmless.
Worth mentioning – this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware. The vast majority of systems, although they had the files dormant, were in fact never infected.
New Windows App in Progress
Currently, we’re working on a new Windows App that does not have the issue. We’ve also decided to issue a new certificate for this app. This will delay things by at least 24 hours so please bear with us.
Use the PWA App Instead!
We strongly suggest that you use our PWA app instead. The PWA app is completely web based and does 95% of what the electron app does. The advantage is that it does not require any installation or updating and chrome web security is applied automatically.
The reason we have two apps is that when we started the Electron App, the PWA technology was not available yet. Now it’s mature and working really well. More information on how to install it here.
We Are So Sorry
In the meantime we apologize profusely for what occurred and we will do everything in our power to make up for this error.
Since 2009, WhichVoIP.co.za has helped thousands of South African businesses to make better buying decisions for phone systems, VoIP, and connectivity. During this time, we’ve facilitated the connection of 45 000+ users through our network of 500+ telecom providers in our directory.