“In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm,” Yung said. Users of CCleaner Cloud version have received an automatic update. However, the threat has been neutralized, according to Piriform Vice President Paul Yung, who explained that the rogue server the hackers used to control the code is down, and other servers no longer are in the attackers’ control. All users who downloaded the infected version of the program for Windows, CCleaner v, have received the latest version of the software. Two versions of the program were modified illegally before they were released to the public, Piriform said. CCleaner is designed to rid computers and mobile phones of junk, such as unwanted applications and advertising cookies. The malware infecting CCleaner could give hackers control over the devices of more than 2 million users. Piriform is owned by Avast, whose security products are used by more than 400 million people. Malicious code has been discovered in two versions of Piriform’s CCleaner housekeeping utility, the company disclosed on Monday. Sean Michael Kerner is a senior editor at eWEEK and : John P. One of the ways that some organizations attempt to secure downloads is with an approach known as The Update Framework (TUF), which provides controls to help secure updates. In the recent NotPetya ransomware incident, an alleged root cause was a malware-infected update of widely used Ukrainian tax software. Infecting legitimate software with malware is not a new hacker technique and has been used in multiple attacks. Cisco Talos researchers speculate that attackers could have compromised a developer account that provided access or possibly were able to directly exploit a system within the CCleaner build environment. It’s not currently known how the CCleaner attackers were able to modify the code to include the backdoor code.
15, meaning that users were exposed to risk of infection from the backdoor for approximately one month. According to Cisco’s analysis, the infected version of CCleaner was first released on Aug. The Cisco Talos researchers noted that they discovered the CCleaner malware while performing customer beta testing of a new exploit detection technology. Although Piriform’s disclosure only mentioned Avast Threat Labs as helping in the analysis, Cisco Talos claims that it reported the security issue to Avast on Sept. While Avast and Piriform are not speculating on how long the attackers might have been in the CCleaner servers, Cisco’s Talos research group has made its own observations. “At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” Yung stated. Now, it turns out that the hackers managed to infiltrate the company's network almost five months before they first replaced the official. Such a backdoor is capable of receiving and running code from an attacker command and control server. The malware attack infected over 2.3 million users who downloaded or updated their CCleaner app between August and September last year from the official website with the backdoored version of the software. “Based on further analysis, we found that the version of CCleaner and the version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.” According to Piriform, CCleaner was modified by an unknown attacker to include a two-stage backdoor. “A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version of CCleaner, and CCleaner Cloud version, on 32-bit Windows systems,” Paul Yung, vice president of products at Piriform, wrote in a statement. CCleaner has been downloaded more than 2 billion times according.
Piriform has contacted law enforcement, shut down the impacted download server and updated CCleaner to version 5.34. Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.” Avast acquired Piriform in July, and in a statement Piriform thanked Avast Threat Labs for analyzing the attack. “We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” a spokesperson for software security vendor Avast told eWEEK. 18, Piriform publicly revealed that its servers had been hacked, with attackers modifying CCleaner with a backdoor that possibly infected millions of users. More than 2 billion users around the world have downloaded the Piriform CCleaner tool to help remove unwanted files and keep their systems secure.