CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

May 24, 2024, 1:56 p.m.

Description

Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoored installer that allowed attackers to gain remote control over affected systems. The malicious installer included a binary named fffmpeg.exe, which executed obfuscated PowerShell scripts and facilitated unauthorized access, data exfiltration, and credential harvesting. Affected users should immediately re-image compromised endpoints, reset credentials, and install the latest JAVS Viewer version after remediation.

Date

  • Created: May 24, 2024, 1:29 p.m.
  • Published: May 24, 2024, 1:29 p.m.
  • Modified: May 24, 2024, 1:56 p.m.

Linked vulnerabilities

Indicators

  • fe408e2df48237b11cb724fa51b6d5e9c74c8f5d5b2955c22962095c7ed70b2c
  • f8a734d5e7a7b99b29182dddf804d5daa9d876bf39ce7a04721794367a73da51
  • d8def4437bd76279ec6351b65156d670ec0fed24d904e6648de536fed1061671
  • c65ee0f73f53b287654b6446ffe7264e0d93b24302e7f0036f5e7db3748749b9
  • aace6f617ef7e2e877f3ba8fc8d82da9d9424507359bb7dcf6b81c889a755535
  • a5e24c10d595969858af422c6dff6bed5f9c6c49dc9622d694327323d8a57d72
  • 4f0ca76987edfe00022c8b9c48ad239229ea88532e2b7a7cd6811ae353cd1eda
  • 4150452d8041a6ec73c447cbe3b1422203fffdfbf5c845dbac1bed74b33a5e09
  • 2183c102c107d11ae8aa1e9c0f2af3dc8fa462d0683a033d62a982364a0100d0
  • 45.120.177.178

Attack Patterns

  • StealC InfoStealer
  • GateDoor/Rustdoor
  • T1216
  • T1548
  • T1083
  • T1543
  • T1055
  • T1219
  • T1140
  • T1027
  • T1053
  • T1056
  • T1059
  • CVE-2024-4978