Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

May 24, 2024, 1:56 p.m.

Description

Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowing attackers to gain remote control over affected systems. The malicious installer included a binary named fffmpeg.exe which executed obfuscated PowerShell scripts and facilitated unauthorized access, data exfiltration, and credential harvesting. Affected users should immediately re-image compromised endpoints, reset credentials, and install the latest JAVS Viewer version after remediation.

Date

Published: May 24, 2024, 1:29 p.m.

Created: May 24, 2024, 1:29 p.m.

Modified: May 24, 2024, 1:56 p.m.

Indicators

fe408e2df48237b11cb724fa51b6d5e9c74c8f5d5b2955c22962095c7ed70b2c

f8a734d5e7a7b99b29182dddf804d5daa9d876bf39ce7a04721794367a73da51

d8def4437bd76279ec6351b65156d670ec0fed24d904e6648de536fed1061671

c65ee0f73f53b287654b6446ffe7264e0d93b24302e7f0036f5e7db3748749b9

aace6f617ef7e2e877f3ba8fc8d82da9d9424507359bb7dcf6b81c889a755535

a5e24c10d595969858af422c6dff6bed5f9c6c49dc9622d694327323d8a57d72

4f0ca76987edfe00022c8b9c48ad239229ea88532e2b7a7cd6811ae353cd1eda

4150452d8041a6ec73c447cbe3b1422203fffdfbf5c845dbac1bed74b33a5e09

2183c102c107d11ae8aa1e9c0f2af3dc8fa462d0683a033d62a982364a0100d0

45.120.177.178

Attack Patterns

StealC InfoStealer

GateDoor/Rustdoor

T1216

T1548

T1083

T1543

T1055

T1219

T1140

T1027

T1053

T1056

T1059

CVE-2024-4978