Piriform, which is owned by Avast, claimed it has managed to remove the compromised versions of CCleaner “before it was able to do any harm”. The malicious code attempted to connect computers with recently registered web domains – a common tool used by hackers to download further malware onto infected computers. Piriform, which develops the CCleaner software designed to remove unwanted files from Android phones and Windows PCs, said it had identified “suspicious activity” in two versions of the program which it found had been “illegally modified”. The latest version is available for download here.A security firm has apologised after hackers inserted malicious code into versions of its software that were downloaded by customers. However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.Īffected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week," Talos said. "The impact of this attack could be severe given the extremely high number of systems possibly affected. Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.Īccording to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 Million people could have been infected with the malicious version the app.List of installed software, including Windows updates.The malicious software was programmed to collect a large number of user data, including: "The encoded information was subsequently submitted to an external IP address .x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request." "All of the collected information was encrypted and encoded by base64 with a custom alphabet," says Paul Yung, V.P. Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used Domain Generation Algorithm (DGA), so that if attackers' server went down, the DGA could generate new domains to receive and send stolen information. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.Īvast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v and CCleaner Cloud v were affected by the malware.ĭetected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to attacker's remote command-and-control servers. This incident is yet another example of supply chain attack. Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month. CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |