Malware discovered in CCleaner put millions of users at risk

Cesar Mills
September 19, 2017

The details are still being reconstructed, but it appears hackers compromised the server the CCleaner executable (i.e. the program you download) was stored on and put the malware over the top, sort of like somebody sneezing on your salad before handing it to you.

Research firm Cisco Talos discovered hackers had compromised the CCleaner software at some stage of development.

The security team's blog said the signed version of CCleaner 5.33 distributed by Avast contained a multi-stage malware payload.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June's "NotPetya" attack on companies that downloaded infected Ukrainian accounting software.

The researchers caught the issue when they spotted a version of CCleaner making requests to communicate with suspicious website domains.

CCleaner, software created to speed up PC and smartphone performance by removing unneeded or unnecessary files, is the latest victim of hackers hijacking legitimate software to spread malware and gain access to infected systems. When the Petya/NotPetya malware infected computers across Ukraine and the world in July, it was spread by an infected piece of software.

The company said it was working with U.S. law enforcement agencies to discover who was behind the incident.

"The compromise could cause the transmission of non-sensitive data...to a 3rd party computer server in the United States of America", the company said.

The malware gathers information such as your IP address, computer name, a list of installed software, a list of running software and a list of network adapters, and sends it to a third-party computer server.

"We confirmed that this malicious version of CCleaner was being hosted on CCleaner's download server as recently as September 11", it stated.

If your system ran the compromised version of CCleaner, it may be a smarter move to roll the system back to a restore point dated before the release of the versions containing the malicious code, to make sure all elements of the bad code are gone.

Users of CCleaner Cloud have already received an automatic update that removes the threat.

Cisco Talos suspects the attack was possible thanks either to CCleaner's build environment being compromised or to someone with inside access.

"Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process". According to Cisco's analysis, the infected version of CCleaner was first released on August 15, meaning that users were potentially exposed to risk of infection from the backdoor for approximately one month.
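The two defender-side checks this story implies are an inventory sweep for the build numbers named above and a look for the behaviour Talos noticed, a CCleaner process talking to domains it has no business contacting. The script below is an added illustration, not code from Talos, Piriform or Avast; the inventory, the log format, the "expected domains" allowlist and the `.invalid` destination are constructed assumptions.

```python
"""Flag hosts on the named CCleaner builds and CCleaner processes with
unexpected outbound destinations. All sample data below is constructed."""
import re

# Build numbers the article names as modified before release.
AFFECTED_VERSIONS = {"CCleaner": {"5.33.6162"}, "CCleaner Cloud": {"1.07.3191"}}

# Assumed allowlist of domains the product is expected to contact (illustrative only).
EXPECTED_DOMAINS = {"ccleaner": {"ccleaner.com", "piriform.com"}}

# Constructed software inventory: (hostname, product, version).
INVENTORY = [("ws-01", "CCleaner", "5.33.6162"),
             ("ws-02", "CCleaner", "5.32.0000"),
             ("srv-03", "CCleaner Cloud", "1.07.3191")]

# Constructed proxy-style egress log lines; ".invalid" is a reserved placeholder TLD.
LOG_LINES = [
    "2017-09-12T10:01:00Z host=ws-01 proc=CCleaner.exe dst=updates.ccleaner.com",
    "2017-09-12T10:01:05Z host=ws-01 proc=CCleaner.exe dst=example-c2.invalid",
    "2017-09-12T10:02:00Z host=ws-02 proc=chrome.exe dst=example.org",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+)$")


def affected_installs(inventory):
    """Return the (host, product, version) rows that match a named affected build."""
    return [(h, p, v) for h, p, v in inventory if v in AFFECTED_VERSIONS.get(p, set())]


def suspicious_egress(log_lines, expected=EXPECTED_DOMAINS):
    """Return (host, proc, dst) for allowlisted products contacting a domain
    that is neither an expected domain nor a subdomain of one."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        app = next((a for a in expected if a in m["proc"].lower()), None)
        if app is None:
            continue  # process is not one we hold an allowlist for
        dst = m["dst"].lower()
        if not any(dst == d or dst.endswith("." + d) for d in expected[app]):
            findings.append((m["host"], m["proc"], dst))
    return findings


if __name__ == "__main__":
    print("affected builds:", affected_installs(INVENTORY))
    print("unexpected egress:", suspicious_egress(LOG_LINES))
```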

Piriform hasn't said when or how the attacker inserted the malware. "We are working with USA law enforcement in their investigation", the company said.
