Experts have warned of a malware-contaminated update to software that records court sessions, which gave persistent access to as-yet-unidentified threat actors.
Cybersecurity researchers at Rapid7 found the issue and notified the program's developers. Although the infection has now been eradicated, the full impact of the supply chain attack is still unclear.
The application in question is known as JAVS Viewer 8, and it is a component of the JAVS Suite 8, a collection of software tools that courts use to record, play back, and organise audio and video from legal proceedings. Over 10,000 courtrooms in the US and other countries are utilising the software, according to its creators, Justice AV Solutions.
Not a single witness
According to Rapid7, an upgraded version of JAVS Viewer 8 was recently hosted on the javs.com website. It included a backdoor that gave the backdoor's authors continuous access to compromised machines. The tainted version, identified as 8.3.7, was removed from the website prior to April 1, 2024.
In their research, Rapid7 stated that “users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action.” “A backdoored installer in this version gives attackers complete control over impacted systems.”
At least 38 endpoints were infected, according to Ars Technica, and cleaning an affected machine requires some work.
Following the findings, JAVS said that it has removed the malware. The business released a statement saying, “We removed every version of Viewer 8.3.7 from the JAVS website, reset all passwords, and carried out a thorough internal audit of all JAVS systems.” “We verified that every file that is now accessible on the JAVS.com website is authentic and virus-free. We also confirmed that this issue did not compromise any systems, certificates, JAVS Source code, or other software releases.”