Moreover, it was found that the attackers were then able to install a second-stage payload on 40 selected computers operated by major international technology companies, including Google, Microsoft, Cisco, Intel, Samsung, Sony, HTC, Linksys, D-Link, Akamai and VMware.
#Ccleaner cloud malware software#
The malicious version of CCleaner had a multi-stage malware payload designed to steal data from infected computers and send it back to an attacker-controlled command-and-control server.Īlthough Avast, with the help of the FBI, was able to shut down the attackers' command-and-control server within three days of being notified of the incident, the malicious CCleaner software had already been downloaded by 2.27 million users. September 13, 2017-Researchers at Cisco Talos detected the malicious version of the software, which was being distributed through the company's official website for more than a month, and notified Avast immediately. July 18, 2017-Security company Avast acquired Piriform, the UK-based software development company behind CCleaner with more than 2 billion downloads.Īugust 2, 2017-Attackers replaced the original version of CCleaner software from its official website with their backdoored version of CCleaner, which was distributed to millions of users. NET runtime library).īetween mid-April and July-During this period, the attackers prepared the malicious version of CCleaner, and tried to infiltrate other computers in the internal network by installing a keylogger on already compromised systems to steal credentials, and logging in with administrative privileges through RDP. The maintenance tool, which is said to improve computer performance, has been downloaded more than two billion times.April 12, 2017-A few days later, attackers installed the 3rd stage payload on four computers in the Piriform network (as a mscoree.dll library) and a build server (as a.
Launched in 2004, CCleaner is Piriform’s flagship solution. “We encourage any user of the 32-bit version of CCleaner v to download the latest version here.” “It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment.” “Working with US law enforcement, we caused this server to be shut down on September 15 before any known harm was done,” Piriform said. While Piriform said it has now patched the leak, the company said the infected software may have been used by 2.27 million people – or 3% of its user base. The malware caused the transmission of “non-sensitive data” – computer name, IP address, list of installed software, list of active software, and list of network adapters – to a third-party server in the US. Piriform, which was acquired by security firm Avast in July, said it determined on September 12 that the 32-bit version of CCleaner v and CCleaner Cloud v had been compromised in a “sophisticated manner”.Īccording to the London-based firm, a trojan was loaded into the download package – a so-called ‘supply chain attack’ – some point after August 15, when the CCleaner versions were released.
#Ccleaner cloud malware Pc#
One of the world’s most popular PC cleanup and optimization tools, CCleaner, has been hit by a malware attack thought to have affected more than two million customers, the app’s developer confirmed today. Download package loaded with data-harvesting trojan
0 kommentar(er)
