Those interested in more technical details can peruse Talos’ full vulnerability report here. Should you happen to be one of the millions of users that downloaded the infected version 5.33, your best bet is to head to Piriform’s website here and update to the latest iteration of CCleaner. “To the best of our knowledge, the second-stage payload never activated… It was prep for something bigger, but it was stopped before the attacker got the chance.” But based on all the knowledge, we don’t think there’s any reason for users to panic. Speaking to Forbes, Avast chief technical officer Ondrej Vlcek said that, “2.27 million is certainly a large number, so we’re not downplaying in any way. What is particularly jarring is that it appears the infected app was signed with a valid certificate Symantec issued to Piriform (recently acquired by Avast).Īccording to reports, the malware-infested version of CCleaner was downloaded by 2.27 million users. Talos’ report warns that the malware was found in CCleaner version 5.33, which was actively distributed between August 15 and September 12. Though it in no way alleviates the blunder, the appmaker says all stolen data was encrypted and unlikely to be accessed. Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc. MAC addresses of first three network adapters.Discovered in September 2017, CCleaner malware was designed by hackers to steal sensitive data from unsuspecting users. List of installed software, including Windows updates CCleaner malware is a malicious program disguised as legitimate software called CCleaner.Sean Michael Kerner is a senior editor at eWEEK and malware was also programmed to collect a bunch of user data, including: One of the ways that some organizations attempt to secure downloads is with an approach known as The Update Framework (TUF), which provides controls to help secure updates. In the recent NotPetya ransomware incident, an alleged root cause was a malware-infected update of widely used Ukrainian tax software. Infecting legitimate software with malware is not a new hacker technique and has been used in multiple attacks. Cisco Talos researchers speculate that attackers could have compromised a developer account that provided access or possibly were able to directly exploit a system within the CCleaner build environment. It’s not currently known how the CCleaner attackers were able to modify the code to include the backdoor code. 15, meaning that users were exposed to risk of infection from the backdoor for approximately one month. According Cisco’s analysis, the infected version of CCleaner was first released on Aug. The Cisco Talos researchers noted that they discovered the CCleaner malware while performing customer beta testing of a new exploit detection technology. Although Piriform’s disclosure only mentioned Avast Threat Labs as helping in the analysis, Cisco Talos claims that it reported the security issue to Avast on Sept. While Avast and Piriform are not speculating on how long the attackers might have been in the CCleaner servers, Cisco’s Talos research group has made its own observations. “At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” Yung stated. Such a backdoor is capable of receiving and running code from an attacker command and control server. “Based on further analysis, we found that the version of CCleaner and the version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.”Īccording to Piriform, CCleaner was modified by an unknown attacker to include a two-stage backdoor. “A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version of CCleaner, and CCleaner Cloud version, on 32-bit Windows systems,” Paul Yung, vice president of products at Piriform, wrote in a statement. Piriform has contacted law enforcement, shut down the impacted download server and updated CCleaner to version 5.34. “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”Īvast acquired Piriform in July, and in a statement Piriform thanked Avast Threat Labs for analyzing the attack. “We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” a spokesperson for software security vendor Avast told eWEEK. 18, Piriform publicly revealed that its servers had been hacked, with attackers modifying CCleaner with a backdoor that possibly infected millions of users. More than 2 billion users around the world have downloaded the Piriform CCleaner tool to help remove unwanted files and keep their systems secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |