3CX DesktopApp Security Alert

The 3CX Desktop application has been flagged by antivirus vendors. They have flagged the executable 3CXDesktopApp.exe and, in many cases, uninstalled it.

If you are running the 3CX Desktop application, we recommend uninstalling it and using the progressive web app (PWA) version instead. This is the advice being issued by 3CX directly. For installation and usage information for the PWA version, please see this link: https://www.3cx.com/user-manual/web-client/

To find out more about the security alert please see the following website: https://www.3cx.com/blog/news/desktopapp-security-alert or the forum post here: https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/

Any customer of Sonic Internet + Voice wishing to discuss this further should reach out to us via phone or email.

Update - 31st March 2023

3CX have provided the following update via email to customers:

Hello <<customer>>,

Early this morning we informed our partners and customers that our electron windows app shipped in Update 7, version numbers 18.12.407 & 18.12.416, included a severe security issue. We since learned that Electron Mac App version numbers 18.11.1213, 18.12.402, 18.12.407 & 18.12.416 have also been affected. Fortunately, anti-virus vendors flagged the executable 3CXDesktopApp.exe and blocked it.

3CX Appoints Leading Incident & Forensics Company Mandiant

In response to this incident, 3CX has appointed Mandiant - a renowned American cybersecurity firm and subsidiary of Google - and the market leader in threat intelligence. With their help we will be able to review this incident in full. Whilst their investigation is underway, we ask you to follow the instructions below immediately.

Ensure your Server has the Latest Update Installed

Customers on 3CX Hosted / StartUP - No Action Needed

3CX Hosted and StartUP users do not need to update their servers as we will be updating them over the night automatically. Servers will be restarted and the new Electron App MSI/DMG will be installed on the server. We recommend that you DO NOT install or deploy the Electron App. This update is only to ensure that the trojan has been removed from the 3CX Server where Desktop Apps are stored and in case any users decide to deploy the app anyway. During the restart there might be disruption for a few minutes while we restart your server.

Self-Hosted and On-Premise - Install Update

For Self-Hosted and On-Premise follow these steps:

  1. Launch Management Console

  2. Go to Updates

  3. Download Mac Desktop App - 18.12.422

  4. Download Windows Desktop App - 18.12.422

Use PWA on the Clients / Desktops

Uninstall the Electron App

Follow these steps to uninstall the Electron App for Mac or Windows

For Windows:

  1. Start

  2. Type “Control Panel”, Enter

  3. Select “Programs and Features”

  4. Find 3CX Desktop App, select and press “Uninstall”.

On Mac:

  1. Go to “Applications”

  2. Tap on “3CX Desktop APP”

  3. Right click then “Move to Bin”

  4. Ensure that it isn’t also present on Desktop otherwise delete it from there as well.

  5. Empty the Bin.

Use PWA instead of the Electron APP - Here's How!

  1. Login to the Web Client.

  2. You have two options:

    1. EITHER click on the OS icon below the user avatar. A new dialog will open, select “Web App (PWA)” and then hit the “Install” button.

    2. OR click on the “Install button” (A screen with an arrow) located in the address bar and confirm.

  3. To set the app to auto start

    1. On Google Chrome: Open your Chrome browser and type ‘chrome://apps’ into the address bar. Right click on “3CX” and enable “Start app when you sign in”.

    2. On Microsoft Edge: On Edge, select to Auto-start in the dialog that appears after installation.

  4. PWA only works on Google Chrome and Microsoft Edge - not on Safari or Firefox

You can read more in the Web Client user manual.

Avoid Using the Electron App Unless Absolutely Essential

In a day or two from now, we will have another Electron App rebuilt from the ground up with a new signed certificate. This is expected to be completely secure. We strongly recommend that you avoid using the Electron App unless there is absolutely no alternative. The Electron App update that we are releasing today is considered to be secure but there is no guarantee given that we only had 24 hours to make the necessary adjustments.

More Information to Come - Transparency Assured

We are still working to decipher the full extent of the attack and we promise full transparency as soon as we are clear on everything. We don’t want to jump the gun and make wrong assumptions. Please follow our Forum and blog as well as our LinkedIn, Twitter, Facebook and Instagram pages as we’ll continue to update our customers and partners regularly.

Our Continued and Very Sincere Apologies

We continue to offer our very sincere apologies to all our partners and customers worldwide. The entire 3CX team continues to work around the clock.

Sincerely,

The 3CX Team
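
To find which machines still need the uninstall steps above, the affected version numbers from the 3CX email can be checked against a software inventory export. The following is an added example, not code from 3CX or Sonic Internet + Voice; the CSV column names, host names and the dotted version format are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Affected builds exactly as listed in the 3CX email above, keyed by OS.
AFFECTED = {
    "windows": {(18, 12, 407), (18, 12, 416)},
    "mac": {(18, 11, 1213), (18, 12, 402), (18, 12, 407), (18, 12, 416)},
}
REPLACEMENT = (18, 12, 422)  # update named in the email; PWA is still advised

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,os,app,version
ws-001,Windows,3CX Desktop App,18.12.416
ws-002,Windows,3CX Desktop App,18.12.402
mac-01,Mac,3CX Desktop App,18.12.402
mac-02,Mac,3CX Desktop App,18.11.1213.0
ws-003,Windows,3CX Desktop App,18.12.422
ws-004,Windows,Some Other App,18.12.416
ws-005,Windows,3CX Desktop App,unknown
"""

def parse_version(text):
    """Return the first three numeric components, or None if unparseable."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return None
    return tuple(int(p) for p in parts[:3])

def triage(inventory_csv):
    """Map each host that has the desktop app installed to a status string."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["app"].strip().lower() != "3cx desktop app":
            continue
        version = parse_version(row["version"])
        os_key = row["os"].strip().lower()
        if version is None or os_key not in AFFECTED:
            status = "review-manually"  # never treat unknowns as clean
        elif version in AFFECTED[os_key]:
            status = "affected-uninstall"
        elif version == REPLACEMENT:
            status = "replacement-build"
        else:
            status = "not-listed"  # not in the email's list for this OS
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

The Windows and Mac lists differ in the email, so the same version number can be listed for one OS and not the other; "not-listed" only means the build is absent from that list.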
