CCleaner: 2m users install anti-malware program … that contains malware

September 19, 2017
Tool now owned by security firm Avast was hacked via a supply chain attack, an increasingly common method of infection

More than two million users of anti-malware tool CCleaner installed a version of the software that had been hacked to include malware, the app’s developer confirmed on Monday.

Piriform, the developer of CCleaner now owned by security firm Avast, says that its download servers were compromised at some point between 15 August, when it released version v5.33.6162 of the software, and 12 September, when it updated the servers with a new version.

In that period, a trojan was loaded into the download package which sent “non-sensitive data” from infected users’ computers back to a server located in the US. The data, according to Piriform, included “computer name, IP address, list of installed software, list of active software, list of network adapters”.

As well as the data leak, however, the infection also resulted in a “second stage payload” being installed on to the affected computer – another piece of malware, which Piriform says was never executed.

“At this stage, we don’t want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” the company’s vice president, Paul Yung, said.

The company says 2.27m users were infected, but added that “we believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm”. By taking down the “command and control” server, Piriform may have prevented the infection being used to inflict further damage.

The breach was independently discovered by Cisco’s Talos Intelligence research team, who notified Piriform on 13 September, one day after the clean version of the software had been released in a regularly scheduled update. Talos recommends that affected systems be restored “to a state before August 15, 2017, or reinstalled”, advice which Piriform does not repeat.

Compromising downloads to trusted software is an increasingly common route by which malware authors infect devices. The method, known as a “supply chain” attack, works because “the attackers are relying on the trust relationship between a manufacturer or supplier and a customer”, Talos says.

In March 2016, a compromised version of BitTorrent client Transmission spread ransomware on Macs for three days, the first functioning ransomware attack on the operating system. Notoriously, a successful hack on Ukrainian accounting software MeDoc was responsible for seeding the NotPetya “ransomworm” – a self-replicating piece of ransomware – that took down companies including Merck, Maersk and Cadbury’s.

Text by Guardian
