CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
May 24, 2024, 1:56 p.m.
Description
Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoored installer that allowed attackers to gain remote control over affected systems. The malicious installer included a binary named fffmpeg.exe, which executed obfuscated PowerShell scripts and facilitated unauthorized access, data exfiltration, and credential harvesting. Affected users should immediately re-image compromised endpoints, reset credentials, and install the latest JAVS Viewer version after remediation.
Date
Published: May 24, 2024, 1:29 p.m.
Created: May 24, 2024, 1:29 p.m.
Modified: May 24, 2024, 1:56 p.m.
Indicators
fe408e2df48237b11cb724fa51b6d5e9c74c8f5d5b2955c22962095c7ed70b2c
f8a734d5e7a7b99b29182dddf804d5daa9d876bf39ce7a04721794367a73da51
d8def4437bd76279ec6351b65156d670ec0fed24d904e6648de536fed1061671
c65ee0f73f53b287654b6446ffe7264e0d93b24302e7f0036f5e7db3748749b9
aace6f617ef7e2e877f3ba8fc8d82da9d9424507359bb7dcf6b81c889a755535
a5e24c10d595969858af422c6dff6bed5f9c6c49dc9622d694327323d8a57d72
4f0ca76987edfe00022c8b9c48ad239229ea88532e2b7a7cd6811ae353cd1eda
4150452d8041a6ec73c447cbe3b1422203fffdfbf5c845dbac1bed74b33a5e09
2183c102c107d11ae8aa1e9c0f2af3dc8fa462d0683a033d62a982364a0100d0
45.120.177.178
Attack Patterns
StealC InfoStealer
GateDoor/Rustdoor
T1216
T1548
T1083
T1543
T1055
T1219
T1140
T1027
T1053
T1056
T1059
CVE-2024-4978