An update to software that records legal proceedings was infected with malware, allowing continued access to previously unknown threat actors.
This is evident from a new report by cybersecurity researchers Rapid7, who discovered the corruption and reported it to the software makers. The plague has now disappeared, but the consequences of the attack on the supply chain are not yet fully known.
The software in question is called JAVS Viewer 8. It is part of JAVS Suite 8, a suite of software products used by courtrooms to record, playback, and manage audio and video of court proceedings. According to its creators, Justice AV Solutions, more than 10,000 courtrooms in the US and elsewhere in the world use the software.
No witnesses
As reported by Rapid7, the website javs.com recently hosted an updated version of JAVS Viewer 8, which also had a backdoor that allowed its creators permanent access to infected devices. The compromised version is identified as 8.3.7 and was removed from the site sometime before April 1, 2024.
“Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action,” Rapid7 said in its report. “This release includes a backdoored installer that allows attackers to take full control of affected systems.”
According to Ars Technicaat least 38 endpoints are infected, and clearing the device takes some effort.
Following the findings, JAVS said it has taken steps to clean up the malware: “We have removed all versions of Viewer 8.3.7 from the JAVS website, reset all passwords and conducted a full internal audit of all JAVS systems implemented,” the company said in a statement. “We have confirmed that all currently available files on the JAVS.com website are authentic and free of malware. We have further verified that no JAVS source code, certificates, systems, or other software versions were affected in this incident.”