26. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

RTM Group found the malicious code in the finalized 1C software by outsourced programmers. Experts estimate that with its help the fraudsters could steal the data of several dozens of companies. 1C called the described scheme technically imperfect and recognized that the platform modules can be finalized by third-party specialists and subsequently used by criminals. 

A representative of the information security company RTM Group said that the data of several dozen companies were stolen through malicious code in 1C modules, which were being finalized by programmers on outsourcing. 

According to him, at least a third of 1C users order the completion of some modules from third-party programmers who can embed malicious code in them. As a result, such modules, when checking the license key, send the data available in them about customers, payments, and potential contracts to an email address that is pre-registered. 

The victims of the scheme were several dozen companies engaged in the trade or distribution of software. The representative of the RTM Group noted that the materials were sent to law enforcement agencies. 

The representative of 1C called the described scheme technically imperfect since the license check is performed at the “core” level of the system, the code of which is closed. At the same time, he acknowledged that the platform modules can be modified by third-party specialists and used by attackers i

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: