Beware! You may be running a compromised CCleaner version

Rodiano Bonacci
September 20, 2017

More than two million users downloaded compromised software from Piriform. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner, while only 5,000 users had installed the compromised version of CCleaner Cloud.

Piriform said in a news release that it had worked with US law enforcement to shut down a server located in the United States to which traffic was set to be directed.

Researchers at Talos, Cisco's threat intelligence team, said they discovered the malware after observing that data from CCleaner was being sent to an unknown IP address.

Following this, it's best to run a scan of your computer, either via your antivirus program if you have one, or by downloading MalwareBytes Anti-Malware Free.

"By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates". The attack was carried out in a manner similar to the "NotPetya" attack in June 2017. "Frequently, as with Nyetya, the initial infection vector can remain elusive for quite some time".

"There is nothing a user could have noticed", Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program. This lasted until 12 September, when it updated its servers with a new version of CCleaner.

Yung said anyone using CCleaner version 5.33.6162 should update the software to version 5.34, which is available for download via the Piriform Web site. However, "the lack of automatic updates for the free edition of CCleaner may actually have reduced the total number of users put at risk by the compromised version", United Kingdom security writer Graham Cluley noted in his blog today.

If you're a user of CCleaner, find out if you're affected and what you need to do next.

If you've recently downloaded CCleaner, it's possible your PC is affected.

Supply chain attacks are a very effective way to distribute malicious software into target organizations.

Yung said Piriform is taking detailed steps internally so that this doesn't happen again.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. "The investigation is still ongoing".
