Virus in the justice system: Infected JAVS software attacks courts

Tomcat

Hackers compromised the supply chain of the world-famous program.

The Justice AV Solutions (JAVS) trial video recording program was hacked by injecting malware into the installation file that can take control of infected systems. JAVS is widely used in courts, law firms, correctional facilities, and government agencies around the world. The program currently has more than 10,000 installations.

After detecting the threat, the company removed the compromised version from the official website. To prevent a recurrence, the company conducted a full audit of all systems and reset passwords so that any stolen credentials could not be reused. Through continuous monitoring and cooperation with cybersecurity authorities, the hackers' attempt to replace the JAVS Viewer 8.3.7 installer with an infected file was detected.

JAVS has confirmed that all files currently available on the JAVS.com site are authentic and contain no malware. The company also checked that the JAVS source code, certificates, systems, and other software products were not compromised as a result of the incident.

The information security company Rapid7 conducted an investigation of the incident. The vulnerability was identified as CVE-2024-4978 (CVSS 4.0 rating: 8.7). It was established that the S2W Talon threat analysis group was the first to detect the infected installation file in early April and linked it to the Rustdoor/GateDoor malware.

During the analysis of one of the incidents related to CVE-2024-4978, Rapid7 found that the malware sends information about the system to the C2 server after installation. Next, two hidden PowerShell scripts are executed that attempt to disable Event Tracing for Windows (ETW) and bypass the Anti-Malware Scan Interface (AMSI).

The next step is to download additional malicious files from the C2 server, which collect credentials from browsers. Rapid7 confirmed that the infected installation file (javs.Viewer8.Setup_8.3.7.250-1.exe) was downloaded from the official JAVS website.

Rapid7 has called on all JAVS customers to reinstall systems on all potentially compromised devices in order to completely cut off malicious access. You should also reset all device credentials and update the software to version 8.3.9 or higher.
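The article's central lesson is that a download from the vendor's official site was not enough to trust the installer. The following PowerShell script is an added example of a pre-install check a defender can run, not code from JAVS, Rapid7, or the article: it requires a valid Authenticode signature from the expected publisher and a SHA-256 match against a hash obtained out of band (for example from signed release notes), refusing the install when either fails. The publisher name and hash are placeholders, and the file name is the one the article cites.

```powershell
# Added example, not JAVS or Rapid7 code. Verifies an installer before it is run:
# the Authenticode signature must be Valid and issued to the expected publisher, and
# the SHA-256 must match a hash obtained out of band (not from the download page).
# $ExpectedPublisher and $KnownGoodSha256 are placeholders to be filled from vendor
# material that is delivered separately from the installer itself.

function Test-InstallerIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,   # CN on the vendor's code-signing certificate (placeholder)
        [Parameter(Mandatory)][string]$KnownGoodSha256      # hash from the vendor's out-of-band release notes (placeholder)
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Installer not found: $Path"
    }

    $result = [ordered]@{
        Path             = $Path
        SignatureStatus  = $null
        Signer           = $null
        Sha256           = $null
        PublisherMatches = $false
        HashMatches      = $false
        SafeToInstall    = $false
    }

    # 1. Authenticode: status must be Valid (not NotSigned, HashMismatch, UnknownError, ...)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
        $result.PublisherMatches = $sig.SignerCertificate.Subject -like "*CN=$ExpectedPublisher*"
    }

    # 2. Hash: compare (case-insensitively) against the value published out of band
    $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $result.HashMatches = $result.Sha256 -ieq $KnownGoodSha256

    # A valid signature alone is not sufficient: a trojanised build can carry a valid
    # signature from some other certificate, so require the expected publisher AND the hash.
    $result.SafeToInstall = ($result.SignatureStatus -eq 'Valid') -and
                            $result.PublisherMatches -and
                            $result.HashMatches
    return [pscustomobject]$result
}

# Usage: file name from the article; publisher and hash are placeholders.
$check = Test-InstallerIntegrity -Path '.\javs.Viewer8.Setup_8.3.7.250-1.exe' `
    -ExpectedPublisher 'EXPECTED PUBLISHER CN' `
    -KnownGoodSha256 '<SHA256 FROM VENDOR RELEASE NOTES>'
$check | Format-List
if (-not $check.SafeToInstall) {
    Write-Warning "Do not install: signature=$($check.SignatureStatus) publisherMatch=$($check.PublisherMatches) hashMatch=$($check.HashMatches)"
}
```

The check deliberately combines two independent controls. Get-AuthenticodeSignature returning Valid only proves the file was signed with a certificate Windows trusts; it does not prove the signer is the vendor, which is why the subject is compared against the expected publisher. The hash comparison protects against the case the article describes, where the file on the official site itself was swapped, and is only meaningful if the reference hash came from a channel the attacker could not also have altered.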

Rapid7 explained that simply deleting the program is not enough, as attackers could introduce additional backdoors or malware. Reinstalling systems allows you to start from scratch.