CCleaner has suffered a “security incident” which saw users updated with a legitimate digitally-signed version of the software which opened a malicious backdoor.

As a security notification on CCleaner’s support forum explains, CCleaner v and CCleaner Cloud v were compromised. Once in place, the malware would wait five minutes, determine if the user had admin privileges, and then steal information from PCs, such as the computer’s name, a list of installed software and Windows updates, running processes, MAC addresses of network adapters alongside additional information. The stolen data was then sent to a US-based server under the control of a hacker.

The scale of the potential threat cannot be underestimated. Last year, CCleaner was boasting that it had been downloaded in total over two billion times, and was seeing five million additional users per week.

Researchers at Cisco Talos, who first identified the problem, discovered that the installer for CCleaner v5.33 – first delivered to users’ computers by the legitimate CCleaner download servers on Aug– was the culprit.

What makes things most concerning is that the malicious code was digitally signed using a valid digital certificate issued to the software’s developer Piriform, who were acquired by anti-virus firm Avast just two months ago.

Cisco Talos researchers warn that the fact the binary was digitally signed using the software developer’s valid certificate is of particular concern:

“…it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization. It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code.”

Cisco Talos researchers immediately informed Avast of the problem, and offending versions of the CCleaner installer containing the malicious payload are no longer available from the CCleaner download website.