If you are one of the millions of people who installed CCleaner between August 15th and September 12th of this year, be warned: your computer was potentially infected by the CCleaner malware.

Cybersecurity experts from Cisco Talos, Cisco's threat intelligence group, reported that unidentified attackers infiltrated the Avast download servers that serve the CCleaner application and replaced the installer with what Talos dubbed the CCleaner malware.

Part of the threat intelligence report the Talos researchers published reads:

“Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.”

Avast, which develops antivirus and other security software for Microsoft Windows, macOS, Android and iOS, owns CCleaner. CCleaner is an application that lets users perform routine maintenance on their computer systems.

According to the website of Piriform, the creator of CCleaner, which Avast acquired in July of this year, the application has been downloaded over 2 billion times worldwide as of November 2016. The company also boasts that per month the application cleans over 35 million GB of space, or roughly 7 billion selfies' worth of data.

Supply Chain Attacks

According to Talos, the CCleaner compromise is another example of a supply chain attack.

“Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons.”

A similar attack, Nyetya, was staged earlier this year and affected many organizations inside Ukraine as well as multinational corporations operating in the country. Further investigation into that case led the Talos researchers to a “supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware.” Reports from the Ukrainian cyber police confirmed that the attack was broad-reaching, compromising over 2,000 companies in Ukraine alone.

Talos reported that it detected the CCleaner malware on September 13th. The malicious version of the application carries a multi-stage payload that collects data from the compromised system and sends it to the attackers' remote command-and-control (C2) servers.

“On September 13th, 2017, while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems,” says Talos.

Closer inspection of the malicious executable led the researchers to an installer for CCleaner v5.33. The installer was delivered to endpoints by the vendor's legitimate download servers.

CCleaner v5.33 carrying the CCleaner malware (image: Talos)

“During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.”

Furthermore, the affected version (v5.33) was released and distributed starting August 15th, and on September 12th Piriform released v5.34 of the application. This led the researchers to conclude that the CCleaner malware was actively being distributed between those two dates.

The malicious version was also found to have been signed with a valid certificate issued to Piriform Ltd by Symantec and valid through October 10th, 2018. A code-signing check on the installer would therefore have passed: the malicious build carried Piriform's own signature, which is exactly what makes a supply chain compromise hard to spot on the endpoint.
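The Talos quote above notes that the payload combined a hardcoded C2 with a Domain Generation Algorithm. The following Python is an added illustration, not code from the article, from Talos, or from the CCleaner payload itself (the article does not reproduce the real algorithm). It shows, on the implant side, how a hardcoded C2 plus a date-seeded DGA lets operator and implant agree on rendezvous hostnames that never appear in the binary, and, on the defender side, how DGA-looking lookups can be flagged in resolver logs. The seed `DEMO_SEED`, the hostname `updates.example.invalid`, the domain format, the entropy thresholds and the sample log lines are all assumptions constructed for the example.

```python
# Added illustration (not the article's or Talos's code, and NOT the real CCleaner
# 5.33 algorithm, which the article does not reproduce): how an implant that carries
# a hardcoded C2 plus a Domain Generation Algorithm (DGA) picks its rendezvous host,
# and how a defender can flag the resulting DNS lookups. The seed, domain format,
# hostnames, thresholds and log lines are assumptions constructed for the example.
import hashlib
import math
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

PRIMARY_C2 = "updates.example.invalid"          # assumed hardcoded C2 hostname
TLDS = ("com", "net", "org")
DEMO_SEED = b"demo-seed"                        # assumed constant baked into the implant


def dga_domains(year: int, month: int, count: int = 3, seed: bytes = DEMO_SEED) -> List[str]:
    """Derive `count` fallback domains from the year and month.

    Operator and implant run the same function, so they agree on the names
    without any of them being stored in the binary; the operator registers
    one of them ahead of time and the implant walks the list until one answers.
    """
    domains = []
    for i in range(count):
        material = seed + f"{year}-{month:02d}-{i}".encode()
        label = hashlib.sha256(material).hexdigest()[:12]
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def choose_c2(year: int, month: int, reachable: Set[str]) -> Optional[str]:
    """Implant side: try the hardcoded C2 first, then this month's DGA domains."""
    for host in [PRIMARY_C2] + dga_domains(year, month):
        if host in reachable:
            return host
    return None


# --- defender side: flag DGA-looking lookups in resolver logs -----------------
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+)$")


def shannon_entropy(text: str) -> float:
    """Bits per character of the label; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label: str) -> bool:
    """Heuristic, not a classifier: long pure-hex labels, or long high-entropy,
    vowel-poor labels. Baseline the thresholds against your own DNS traffic and
    allow-list CDN naming patterns before alerting on this alone."""
    if len(label) < 10:
        return False
    if re.fullmatch(r"[0-9a-f]+", label):
        return True
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= 3.2 and vowel_ratio < 0.25


def flag_dga_clients(log_lines: Iterable[str], min_hits: int = 2) -> Dict[str, List[str]]:
    """Return {source: [suspicious qnames]} for clients with >= min_hits
    generated-looking lookups. The burst (in practice mostly NXDOMAIN answers
    for unregistered candidates) is the DGA signal; one odd name is not."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".")
        if looks_generated(qname.split(".")[0]):
            hits[m.group("src")].append(qname)
    return {src: names for src, names in hits.items() if len(names) >= min_hits}


# Constructed resolver log: one client beaconing (hardcoded C2, then two DGA
# names for September 2017), one client doing ordinary lookups.
GENERATED = dga_domains(2017, 9)
SAMPLE_LOG = [
    "2017-09-13T10:00:01Z 10.0.0.5 query " + PRIMARY_C2,
    "2017-09-13T10:00:02Z 10.0.0.5 query " + GENERATED[0],
    "2017-09-13T10:00:03Z 10.0.0.5 query " + GENERATED[1],
    "2017-09-13T10:00:04Z 10.0.0.7 query www.example.com",
    "2017-09-13T10:00:05Z 10.0.0.7 query download.example.com",
]

if __name__ == "__main__":
    print("implant would use:", choose_c2(2017, 9, {GENERATED[1]}))
    print("flagged clients:", flag_dga_clients(SAMPLE_LOG))
```

The point of the pairing is that the hardcoded C2 is the indicator you can block once it is published, while the DGA names are what keep the implant reachable after that; on the defender side the per-client burst of high-entropy lookups is the durable signal, and the thresholds in `looks_generated` need tuning against your own baseline before they are worth alerting on.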