Unexpected malware threat installed on unexpected device

Share This Post

Landline phones are unexpected devices to be used as a way to infiltrate systems by threat actors, but as cybersecurity news outlet Cybernews points out, modern handsets are often connected to the internet of things, displaying contact information, storing voicemails and call logs, and more. Call centers and companies that use communication software via handsets are at risk.

Not even corded phones are safe, according to cybersecurity specialists who found more than 500,000 different malware samples in the Elastix communication software used by landline provider Digium. Hackers targeted Digium phones by implanting a web shell (allowing a web server to be accessed remotely) for data exfiltration purposes, said Unit 42 of cybersecurity firm Palo Alto. From late December 2021 to the end of March 2022, the attack took place.


  • “The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution and schedules recurring tasks to re-infect the host system,” the report states. “Moreover, the malware implants a random junk string to each malware download in an attempt to evade signature defenses based on indicators of compromise (IoCs).”

  • The threat actors targeted the Elastix software Digium phones use, which is the largest open source software solution for unified communications server software. It brings together email, IM, faxing, collaboration functionality, and Internet Protocol (IP) Private Branch Exchange (PBX). As the report points out, it has a web interface and includes capabilities such as call center software with predictive dialing.

While Unit 42 doesn’t state if businesses or users were affected by the malware attack, it’s worth noting that malware attacks can spread to a selection of devices — not only through malware-infested Android apps or spyware on iPhones. To keep your phones and laptops safe, be sure to check out the best antivirus apps. And, for a better look at the different types of malicious attacks, find out the differences between spyware and stalkerware.


Related Posts

After a data breach, HPE says Aruba customer data was exposed

HPE acquired Aruba Networks in 2015 for $3 billion...

YouTube is testing a new navigation drawer for Android users

As explained above, the new functionality will open a...

In-depth study of the Renkus-Heinz PCX series

Passive UniBeam technology is essentially a passive crossover network...

2022 MacBook Comparison between Air and Dell XPS 13 Plus

The M2 MacBook Air, packing Apple’s latest Apple Silicon...

IBC: Radix will release the new version of Android TV Manager

Michael Shoham, Radix CEO, said: “With telcos, operators and...