An update to the software that records court proceedings was contaminated with malware, granting persistent access to as-yet-unknown threat actors.
This is according to a new report from cybersecurity researchers at Rapid7, who discovered the compromise and reported it to the software maker. The malware has since been removed, but the full effects of the supply chain attack are not yet known.
The software in question is called JAVS Viewer 8. It is part of JAVS Suite 8, a set of software products used in courts to record, play back and manage audio and video of court proceedings. According to its creators, Justice AV Solutions, more than 10,000 courtrooms in the U.S. and elsewhere around the world are using the software.
No witnesses
As reported by Rapid7, the javs.com website recently hosted an updated version of JAVS Viewer 8 that contained a backdoor, giving whoever planted it persistent access to infected devices. The contaminated version is designated 8.3.7 and was removed from the site sometime before April 1, 2024.
“Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action,” Rapid7 said in its report. “This version contains a backdoor installer that allows attackers to gain full control of affected systems.”
According to Ars Technica, at least 38 endpoints were infected, and cleaning an infected device requires some effort.
Following the findings, JAVS said it took steps to clean up the malware: “We removed all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and performed a full internal audit of all JAVS systems,” the company said in a statement. “We confirm that all files currently available on the JAVS.com website are genuine and free of malware. Additionally, we verified that no JAVS source code, certificates, systems, or other software versions were compromised in this incident.”