Backdoor found in courtroom recording software JAVS
Researchers at cybersecurity company Rapid7 have found a backdoor in software from Justice AV Solutions (JAVS). Hackers could use this backdoor to install malware and compromise computer systems in the justice supply chain.
JAVS is a United States-based company specializing in digital audio-visual recording solutions. Its software is used by more than 10,000 courtrooms, jury rooms, legal offices, correctional facilities and government agencies worldwide.
In early May, Rapid7 security experts discovered a trojanized JAVS installer containing a malicious fffmpeg.exe binary that tried to replace Viewer 8.3.7 software with a compromised file. JAVS immediately removed the compromised version from its website, stating that it did not originate from JAVS or any third party associated with JAVS.
“Through ongoing monitoring and collaboration with cyber authorities, we identified attempts to replace our Viewer 8.3.7 software with a compromised file. We pulled all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and conducted a full internal audit of all JAVS systems. We confirmed all currently available files on the JAVS.com website are genuine and malware-free. We further verified that no JAVS Source code, certificates, systems, or other software releases were compromised in this incident”, the company says in a statement.
On Thursday, Rapid7 informed customers of the backdoor. The company advises system administrators to manually check their computer systems for the malicious fffmpeg.exe binary.
If the malicious file is found or detected, they should completely re-image any endpoints where JAVS Viewer 8.3.7 was installed. “Simply uninstalling the software is insufficient, as attackers may have implanted additional backdoors or malware”, security experts warn.
Browser sessions may have been hijacked to steal cookies, stored passwords or other sensitive information. Changing credentials would be the smart thing to do.
Finally, admins should install the latest version of JAVS Viewer, which is 8.3.8 or higher. The backdoor has been removed in the new version.
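The manual check and follow-up steps described above can be scripted for a sweep across endpoints. The Python sketch below is an added example, not code from Rapid7 or JAVS; the function names, the scan root and the wording of the triage results are assumptions, and the only indicators it uses are the file name and version numbers given in this article.

```python
import hashlib
import os
import sys
from pathlib import Path

SUSPECT_NAME = "fffmpeg.exe"  # binary name from the article (three f's)
FIXED_VERSION = (8, 3, 8)     # article: install Viewer 8.3.8 or higher


def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_suspect_binaries(root):
    """Walk root and return [(path, sha256)] for files named fffmpeg.exe.

    The match is case-insensitive because Windows file names are, and it is
    exact so the legitimate ffmpeg.exe (two f's) is not reported.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            if name.lower() == SUSPECT_NAME:
                full = Path(dirpath) / name
                try:
                    hits.append((str(full), sha256_of(full)))
                except OSError:
                    hits.append((str(full), None))  # locked: still a finding
    return hits


def triage(viewer_version, hits):
    """Map scan results to the actions the article recommends."""
    version = tuple(int(part) for part in viewer_version.split("."))
    if hits:
        return "re-image endpoint, reset credentials, install Viewer >= 8.3.8"
    if version < FIXED_VERSION:  # numeric compare, so 8.3.10 > 8.3.8
        return "install Viewer >= 8.3.8"
    return "no action indicated by this check"


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest in find_suspect_binaries(root):
        print(f"FOUND {path} sha256={digest}")
```

The SHA-256 values are collected so they can be compared with indicators from the vendor advisory; none are hard-coded here because the article lists none.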