The UK's National Cyber Security Centre (NCSC) has advised all UK businesses to take action over a severe security issue in the 3CX DesktopApp that threat actors are actively exploiting. The issue came to light last week when 3CX CEO Nick Galea announced that the 3CX DesktopApp has malware in it that affects the Windows Electron client for customers running update 7.

The exploit was reported to 3CX by security researchers at Sophos, CrowdStrike, and SentinelOne. The vendor published a security alert which advises customers running affected versions to uninstall the software and use the browser-based web app (PWA) until a new version is available. The NCSC strongly urged all UK organizations running this software to consult the vendor advisory and take the recommended actions in it.

3CX is a Voice Over Internet Protocol (VoIP) IPBX software development company. The 3CX DesktopApp allows users to make calls, chat, video conference, and check voicemail using their desktop.

Researchers discover 3CX supply chain attack

Researchers observed malicious activity originating from a Trojanized version of the 3CX DesktopApp. "The software is a digitally signed version of the softphone desktop client for Windows and is packaged with a malicious payload," Sophos said in a blog post.

A threat actor has abused the application to add an installer that communicates with command-and-control servers, Sophos said. "The Trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from GitHub and ultimately leads to a third-stage infostealer DLL still being analyzed as of the time of writing," SentinelOne said.

CrowdStrike discovered that the malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and hands-on-keyboard activity.

The information stealer can gather system information and sensitive data stored in Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox browsers. 3CX has appointed cybersecurity firm Mandiant to help it review this incident in full.
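
SentinelOne's description above mentions ICO files with base64 data appended. As an added example (not code from the article or from the vendors it names), this Python check parses an ICO file's directory, finds where the last declared image ends, and reports any bytes that follow. The function names, the 0.95 threshold and the sample files are assumptions constructed for illustration.

```python
import base64
import string
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type (1 = icon), image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # w, h, colours, rsvd, planes, bpp, size, offset
B64_ALPHABET = frozenset((string.ascii_letters + string.digits + "+/=").encode())


def ico_trailing_data(blob: bytes) -> bytes:
    """Return the bytes that follow the last image declared in the ICO directory."""
    if len(blob) < ICONDIR.size:
        raise ValueError("too short for an ICO header")
    reserved, kind, count = ICONDIR.unpack_from(blob, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    end = ICONDIR.size + count * ICONDIRENTRY.size
    if len(blob) < end:
        raise ValueError("truncated icon directory")
    for i in range(count):
        entry_at = ICONDIR.size + i * ICONDIRENTRY.size
        *_, size, offset = ICONDIRENTRY.unpack_from(blob, entry_at)
        if offset + size > len(blob):
            raise ValueError("image data runs past end of file")
        end = max(end, offset + size)
    return blob[end:]


def looks_like_base64(data: bytes, min_len: int = 16, threshold: float = 0.95) -> bool:
    """Heuristic: most trailing bytes fall in the base64 alphabet (tolerates a delimiter)."""
    body = data.strip()
    if len(body) < min_len:
        return False
    return sum(b in B64_ALPHABET for b in body) / len(body) >= threshold


def inspect_ico(blob: bytes) -> dict:
    trailing = ico_trailing_data(blob)
    return {"trailing_bytes": len(trailing), "base64_like": looks_like_base64(trailing)}


def sample_ico(image: bytes) -> bytes:
    # Constructed one-image ICO (not a real sample): header + one entry + image bytes.
    offset = ICONDIR.size + ICONDIRENTRY.size
    entry = ICONDIRENTRY.pack(16, 16, 0, 0, 1, 32, len(image), offset)
    return ICONDIR.pack(0, 1, 1) + entry + image


CLEAN = sample_ico(b"\x00" * 64)
TAMPERED = CLEAN + base64.b64encode(b"constructed placeholder, not a real payload")
```

Any non-zero `trailing_bytes` on an icon fetched by an application is worth a closer look; `base64_like` narrows that to the pattern the researchers describe.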