CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
Essential information
- Published: 24/05/2024 13:29
- Modified: 24/05/2024 13:56
- Tags: 2024-05-24 CVE-2024-4978 backdoor credential harvesting gatedoor/rustdoor installer software stealc infostealer supply-chain
- Related entities: 1 vulnerabilities (cve), 10 observables, 11 techniques (mitre), 2 malware
Description
Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowing attackers to gain remote control over affected systems. The malicious installer included a binary named fffmpeg.exe which executed obfuscated PowerShell scripts and facilitated unauthorized access, data exfiltration, and credential harvesting. Affected users should immediately re-image compromised endpoints, reset credentials, and install the latest JAVS Viewer version after remediation.