Surprising malware threat deployed on an unexpected device


Cybersecurity analysts discovered more than 500,000 unique malware samples infiltrating Elastix communication software used by landline company Digium — not even corded phones are safe.

According to cybersecurity company Palo Alto's threat intelligence team Unit 42, hackers targeted Digium phones by implanting a web shell (enabling a web server to be remotely accessed) for data exfiltration purposes. The attack spanned three months, from late December 2021 to the end of March 2022.

Landline phones are an unexpected route for threat actors to infiltrate systems, but as cybersecurity news outlet Cybernews points out, modern handsets are often connected to the internet of things, displaying contact information, storing voicemails and call logs, and more. Call centers and companies that use communication software via handsets are at risk.

The threat actors targeted the Elastix software that Digium phones use, which is the largest open source solution for unified communications servers. It brings together email, IM, faxing, collaboration functionality, and an Internet Protocol (IP) Private Branch Exchange (PBX). As the report points out, it has a web interface and includes capabilities such as call center software with predictive dialing.


"The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution and schedules recurring tasks to re-infect the host system," the report states. "Moreover, the malware implants a random junk string to each malware download in an attempt to evade signature defenses based on indicators of compromise (IoCs)."
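Why a per-download junk string defeats exact-hash IoCs, and how a line-level similarity check still flags the variant, shown as an added example that is not code from the Unit 42 report or this article. The sample contents, the junk values, the placement of the junk on its own line, and the 0.8 threshold are all constructed assumptions.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def line_set(data: bytes) -> frozenset:
    # Non-empty, whitespace-stripped lines. A junk string changes only the
    # line(s) it sits on, so most of the set survives between downloads.
    return frozenset(l.strip() for l in data.splitlines() if l.strip())

def similarity(a: bytes, b: bytes) -> float:
    # Jaccard similarity of the two line sets, from 0.0 to 1.0.
    sa, sb = line_set(a), line_set(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 0.0

def classify(sample: bytes, known: list, threshold: float = 0.8) -> str:
    # Stage 1: classic IoC lookup on the whole-file hash.
    if sha256_hex(sample) in {sha256_hex(k) for k in known}:
        return "exact-hash match"
    # Stage 2: content similarity against each known sample.
    if any(similarity(sample, k) >= threshold for k in known):
        return "similar to known sample"
    return "no match"

# Constructed, harmless stand-ins: nine identical placeholder lines plus one
# line that differs per download (assumed position of the junk string).
BODY = [b"step_%d placeholder" % i for i in range(9)]

def build(junk: bytes) -> bytes:
    return b"\n".join(BODY[:4] + [b"# " + junk] + BODY[4:]) + b"\n"

KNOWN = build(b"q8Zr1LkW")       # copy already in the IoC feed
NEW = build(b"Tn04xVbe")         # later download, different junk value
UNRELATED = b"<?php echo 'hello'; ?>\n"

if __name__ == "__main__":
    print("hashes equal:", sha256_hex(KNOWN) == sha256_hex(NEW))
    for name, blob in (("KNOWN", KNOWN), ("NEW", NEW), ("UNRELATED", UNRELATED)):
        print(name, "->", classify(blob, [KNOWN]),
              "(similarity %.3f)" % similarity(blob, KNOWN))
```

Fuzzy-hashing tools such as ssdeep and TLSH apply the same idea at byte level and scale better than line sets on large corpora.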

While Unit 42 doesn't state if businesses or users were affected by the malware attack, it's worth noting that malware attacks can spread to a selection of devices — not only through malware-infested Android apps or spyware on iPhones. To keep your phones and laptops safe, be sure to check out the best antivirus apps. And, for a better look at the different types of malicious attacks, find out the differences between spyware and stalkerware.

Darragh Murphy
