Avast-owned CCleaner hasn’t been clean itself for the past month, with hackers piggybacking malware on the software for at least a month. As the maintenance tool is free, its downloads are well into the millions, meaning up to 3.9 million users could be affected.

Researchers at Cisco’s Talos Intelligence Group determined that the attack occurred between 15th August and 12th September, affecting versions of CCleaner and CCleaner Cloud. The popularity of the application resulted in the researchers’ decision to move quickly on the matter, prompting developers Piriform to release a stable version of CCleaner 5.34 and automatically update the Cloud server.

The researchers found a “Domain Generation Algorithm (DGA) attached to the executable, as well as a hardcoded Command and Control (C2) functionality.” This gave the attackers the capability to harvest data from infected machines such as the computer name, IP address and lists of installed and active software. This is luckily described as “non-sensitive” by Piriform, while there are “no indications that any other data has been sent to the server.”

Curiously, the file was still digitally signed using a valid certificate by the developer, prompting Cisco’s Talos researchers to conclude that “it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.”

Alternatively, “It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code,” the researchers added.