This devious backdoor installer gives hackers full control over courtroom devices

 Illustration of a laptop with a magnifying glass exposing a beetle on-screen.

An update to software that records court proceedings was laced with malware that granted persistent access to as yet unidentified threat actors, researchers have warned.

Researchers at cybersecurity firm Rapid7 discovered the backdoored installer and reported it to the software's maker. The malicious file has since been removed, but the full impact of the supply chain attack is not yet known.

The software in question is JAVS Viewer 8, part of JAVS Suite 8, a family of products used by courtrooms to record, play back, and manage audio and video from court proceedings. According to its maker, Justice AV Solutions, more than 10,000 courtrooms across the US and elsewhere in the world use the software.

No witnesses

As reported by Rapid7, the vendor's official website recently hosted an updated version of JAVS Viewer 8 that also carried a backdoor, giving its operators persistent access to infected devices. The contaminated version is designated 8.3.7, and it was pulled from the site sometime before April 1, 2024.

“Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action,” Rapid7 said in its report. “This version contains a backdoored installer that allows attackers to gain full control of affected systems.”
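The first step Rapid7's advice implies is finding out which hosts actually have the affected build. The following PowerShell snippet is an added example, not code from TechRadar, Rapid7 or JAVS: it walks the standard Windows uninstall registry keys and flags any JAVS Viewer entry whose version is 8.3.7. It assumes the product registers itself under those keys with a DisplayName containing "JAVS Viewer"; if your installation records a different name, adjust $namePattern. The script only identifies hosts, it does not clean them.

```powershell
# Added example (not from the article, Rapid7 or JAVS): flag hosts with JAVS Viewer 8.3.7 installed.
# Assumption: the product appears under the standard Uninstall keys with a DisplayName
# containing "JAVS Viewer". Adjust $namePattern if your install records a different name.
$namePattern   = 'JAVS Viewer'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$hits = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$namePattern*" } |
    ForEach-Object {
        # Compare major.minor.build so "8.3.7" and "8.3.7.0" are both treated as the bad build.
        $parsed = $null
        $isBad  = [version]::TryParse($_.DisplayVersion, [ref]$parsed) -and
                  $parsed.Major -eq 8 -and $parsed.Minor -eq 3 -and $parsed.Build -eq 7
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Name       = $_.DisplayName
            Version    = $_.DisplayVersion
            Backdoored = $isBad
        }
    }

if (-not $hits) { "$($env:COMPUTERNAME): no JAVS Viewer install found" }
$hits | Format-Table -AutoSize

# Non-zero exit so fleet tooling (e.g. a scheduled job collecting results) can count affected hosts.
if ($hits.Backdoored -contains $true) { exit 1 }
```

Run it with administrative rights so the HKLM hives are readable; a host that exits with code 1 has the affected build and should be handled per Rapid7's guidance rather than simply having the package uninstalled.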

According to Ars Technica, at least 38 endpoints were infected, and cleaning up an affected device is not a trivial job.

Following the findings, JAVS said it took steps to clean up the malware: “We pulled all versions of Viewer 8.3.7 from the JAVS website, reset all passwords, and conducted a full internal audit of all JAVS systems,” the company said in a statement. “We confirmed all currently available files on the website are genuine and malware-free. We further verified that no JAVS Source code, certificates, systems, or other software releases were compromised in this incident.”
