SmoothOperator

Summary
Supply chain attack by a nation-state on VoIP software
Class
APT Trojan
Class Summary
Advanced Persistent Threat (APT) Trojans are a form of stealthy malware. They're designed to maintain their presence on your macOS system over extended periods, making detection challenging. These Trojans are often used in targeted attacks, typically by skilled adversaries such as nation-state actors or sophisticated cybercriminal groups. They can steal sensitive data or execute remote commands. If an APT Trojan is detected, it's crucial to consult with a security specialist. Considering the stealth and persistence of APT actors, you might need an overall security audit to ensure complete removal and secure any breached data.
Description

The SmoothOperator trojan was most notably used in a supply chain attack against 3CX Software, in which attackers infected the company's teleconferencing software with a malicious dropper library. The library was executed when the legitimate software was started and went on to download the second-stage SmoothOperator payload.

The affected versions of the 3CX Software were infected with the dropper library

Example Hashes
  • 9e9a5f8d86356796162cee881c843cde9eaedfb3