This devious backdoor installer gives hackers full control over courtroom devices
Update for courtroom software actually carried a backdoor
An update for software that records court proceedings was contaminated with malware, granting persistent access to still unknown threat actors, experts have warned.
Cybersecurity researchers Rapid7 discovered and reported the corruption to the software makers. The infestation has since been cleared, but the effects of the supply chain attack are not yet fully known.
The software in question is called JAVS Viewer 8, part of JAVS Suite 8, a group of software products used by courtrooms to record, play back, and manage audio and video from court proceedings. According to its makers, Justice AV Solutions, more than 10,000 courtrooms across the US and elsewhere around the world are using the software.
No witnesses
As reported by Rapid7, the javs.com website recently hosted an updated version of JAVS Viewer 8, which also carried a backdoor that allowed its creators persistent access to infected devices. The contaminated version is designated as 8.3.7, and was pulled from the site sometime before April 1, 2024.
“Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action,” Rapid7 said in its report. “This version contains a backdoored installer that allows attackers to gain full control of affected systems.”
According to Ars Technica, at least 38 endpoints were infected, and cleaning up the device takes a little effort.
Following the findings, JAVS said it took steps to clean up the malware: “We pulled all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and conducted a full internal audit of all JAVS systems,” the company said in a statement. “We confirmed all currently available files on the JAVS.com website are genuine and malware-free. We further verified that no JAVS Source code, certificates, systems, or other software releases were compromised in this incident.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.