CCleaner, ‘the world’s most popular PC cleaner’, has been backdoored, researchers confirmed. Unfortunately, researchers still haven’t figured out the details surrounding the event, and it’s still unknown how it happened. Nonetheless, the hack has been confirmed by Piriform, the developer company that was recently acquired by Avast. Apparently, the 32-bit version of v of CCleaner and the v of CCleaner Cloud were breached. Here is what Piriform has stated on the matter:

We recently determined that older versions of our Piriform CCleaner v and CCleaner Cloud v had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v of CCleaner and the v of CCleaner Cloud. No other Piriform or CCleaner products were affected.

Piriform also encourages all users of the 32-bit version of CCleaner v to download v5.34 immediately.

How and Why Was CCleaner Backdoored?

How Many Users Are Affected?

According to Piriform’s internal statistics, up to 3% of their users use the two versions of the software. However, no actual numbers were revealed. The popularity of the program among users worldwide is still a widely known fact, which means millions of users were affected. 2016 numbers show that the total number of downloads is approximately 2 billion. It’s also not a secret that the program’s weekly installations are more than 5 million.

How Was the Hack Discovered?

Cisco was the first company to acknowledge that there was something wrong with the program. Cisco researchers were beta testing a new exploit detection technology when they came across the bothersome finding. The executable that was flagged was signed with a valid digital certificate issued to Piriform, researchers explain, but it had an additional payload. In fact, it was “a two-stage backdoor capable of running code received from a remote IP address on affected systems,” as described by Paul Yung, Piriform’s VP of Products. Not surprisingly, the backdoor could collect sensitive information about the breached systems, including the name of the computer, its IP address, the list of installed software, running processes and such. All the collected information was encrypted and sent to a remote server in the US.

The incident is still under investigation, and both Piriform and Avast are still working to clarify how and why the hack that affected millions of their users took place in the first place.

All affected users are urged to download CCleaner v5.34 as soon as possible. A malware scan to check if the system has been compromised is also highly recommended.

CCleaner is a utility program designed to delete unwanted files from a computer. The software gets rid of temporary files that eat up disk space and invalid Windows registry keys. During the cleanup, malicious files buried in the system are also deleted. In January 2017, CNET gave the program a "Very Good" rating.

However, in September 2017, CCleaner malware was discovered. Hackers took the legitimate program and inserted malicious code that was designed to steal data from users. They turned a tool meant to scrub your computer clean of lurking malware into a serious threat to sensitive and personal information. The malware consisted of two Trojans, Trojan.Floxif and Trojan.Nyetya, inserted into the free versions of CCleaner version and CCleaner Cloud version. It's believed the hackers compromised CCleaner's build environment to insert the malware.

According to different reports, the malware is capable of collecting specific data from an infected computer system, including IP addresses and information on installed and active software, and sending it to a third-party server located in the United States.

CCleaner's parent company, Avast Piriform, found the malware on September 12, 2017, and immediately took steps to remediate the problem. Initially, the company believed it was confined to the above versions running on 32-bit Windows systems and that downloading upgraded versions of the program would solve the problem. It's believed more than 2 million users were infected. Unfortunately, the company soon discovered the malware infection was more severe than originally believed. A second stage payload was discovered by Cisco Talos.