A second-stage payload was discovered by Cisco Talos. Unfortunately, the company soon discovered the malware infection was more severe than originally believed. It's believed more than 2 million users were infected. Initially, the company believed it was confined to the above versions running on 32-bit Windows systems and that downloading upgraded versions of the program would solve the problem. It's believed the hackers compromised CCleaner's build environment to insert the malware.

According to different reports, the malware is capable of collecting specific data from an infected computer system, including IP addresses and information on installed and active software, and sending it to a third-party server located in the United States.

CCleaner's parent company, Avast Piriform, found the malware on September 12, 2017, and immediately took steps to remediate the problem. The malware consisted of two Trojans, Trojan.Floxif and Trojan.Nyetya, inserted into the free versions of CCleaner version and CCleaner Cloud version. They turned a tool meant to scrub your computer clean of lurking malware into a serious threat to sensitive and personal information. Hackers took the legitimate program and inserted malicious code that was designed to steal data from users. However, in September 2017, CCleaner malware was discovered. In January 2017, CNET gave the program a "Very Good" rating. During the cleanup, malicious files buried in the system are also deleted. The software gets rid of temporary files that eat up disk space and invalid Windows registry keys. Such attacks are likely to continue for the coming years, especially as most companies migrate their infrastructure to centrally-managed cloud-based systems.

CCleaner is a utility program designed to delete unwanted files from a computer.

Supply-chain attacks are today's top threat, and government agencies in the US and France have recently issued alerts about an ongoing campaign perpetrated by Chinese hackers.

"We believe all global software companies, including both Microsoft and us at Avast, will need to continue to vigilantly protect our networks from attacks by those who seek to damage us and our users," Avast told us.

But Avast and TeamViewer aren't the only companies that have been targeted only to serve as a jumping point into the network of other companies. As long as an app is good at its job, hackers are going to keep coming. As the company told ZDNet, the threats it's facing are no different than what its competitors are facing.

For example, TeamViewer, which offers an eponymously named product, also suffered a security breach at the hands of Chinese hackers back in 2016. However, this huge userbase is also the reason why Avast bought it in the first place.

Avast's plan of attack involves bolstering its security. The app's gigantic userbase makes CCleaner a perfect target for supply-chain attacks. It's an all-in-one system administration toolkit, and one very good at its job, if we're to look at its download numbers. The app now supports remote management features, hard drive defragmentation, email alerts, cloud-based management features, and many more. However, as previously stated in this article, today, CCleaner is more than just a "useless" registry cleaner.

In the light of this second hack, many users have expressed their opinions today, claiming that Avast should just retire CCleaner, as the app is only a magnet for state-sponsored hackers, and that the app has no real purpose (many consider registry cleaner apps as being useless or plain harmful). While Avast refrained from attributing the attack to any threat actor, the Czech Security Information Service (BIS), the country's intelligence service, said in a press release today that Chinese hackers were behind this attack, just like in the first.