![]() If you use a software tool called CCleaner to keep your Windows PC humming smoothly, keep reading: the. A malware scan to check if the system has been compromised is also highly recommended. CCleaner Malware Hack: What to Know and How to Protect Yourself. The incident is still undergoing investigation, where both Piriform and Avast are still working to clarify how and why the hack that affected millions of their users took place in the first place.Īll affected users are urged to download CCleaner v5.34 as soon as possible. All the collected information was encrypted and sent to a remote server in the US. If you use a software tool called CCleaner to keep your Windows PC humming smoothly, keep reading: the utility was just indicted by Piriform, the British com. Not surprisingly, the backdoor could collect sensitive information about the breached systems, consisting of name of the computer, its IP address, list of installed software, running processes and such. also contained a multistage malware payload that rode on top of the installation of Cleaner, the blog reported. For a period of time, the legitimate signed version of CCleaner 5.33. In fact, it was a “ a two-stage backdoor capable of running code received from a remote IP address on affected systems,” as depicted by Paul Yung, Piriform’s VP of Products. The hack involved malware that potentially allows them to access a user’s computer and steal data, according to security blog Talos Intelligence. The executable that was flagged was signed with a valid digital certificate issued to Piriform, researchers explain, but it had an additional payload. ![]() Cisco researchers were beta testing a new exploit detection technology when they came across the bothersome finding. Related Story: Latentbot – the Advanced Backdoor with Stealthy Capabilities How Was the Hack Discovered?Ĭisco was the first company to acknowledge that there was something wrong with the program. It’s also not a secret that the program’s weekly installations are more than 5 million. 2016 numbers show that the total number of downloads is approximately 2 billion. The popularity of the program among users worldwide is still a widely known fact, which means millions of users were affected. However, no actual numbers were revealed. How and Why Was CCleaner Backdoored? How Many Users Are Affected?Īccording to Piriform’s internal statistics, up to 3% of their users use the two versions of the software. Piriform also encourages all users of the 32-bit version of CCleaner v to download v5.34 immediately. No other Piriform or CCleaner products were affected. This compromise only affected customers with the 32-bit version of the v of CCleaner and the v of CCleaner Cloud. We resolved this quickly and believe no harm was done to any of our users. We recently determined that older versions of our Piriform CCleaner v and CCleaner Cloud v had been compromised. Here is what Piriform has stated on the matter: Apparently, the 32-bit version of v of CCleaner and the v of CCleaner Cloud were breached. Nonetheless, the hack has been confirmed by Piriform, the developer company that was recently acquired by Avast. Unfortunately, researchers still haven’t figured out the details surrounding the event, and it’s still unknown how it happened. The other possibility is a malicious insider, it notes.CCleaner, ‘the world’s most popular PC cleaner’ has been backdoored, researchers confirmed. Given this and other evidence it found, the researchers believe it's likely an external attacker compromised part of Piriform's development environment to plant malware in CCleaner. Cisco's Talos team note that the affected version of CCleaner was signed with a valid certificate that Symantec issued to Piriform. Piriform hasn't determined how its software became compromised. CCleaner users who haven't updated need to do so manually. Avast Antivirus users also got an automatic update. It also pushed a notification to CCleaner users to update to version 5.3, which doesn't contain compromised code, while automatically updating CCleaner Cloud to a clean version. The company says it has worked to remove affected versions that were being distributed on third-party download sites. It would have been an impediment to the law enforcement agency's investigation to have gone public with this before the server was disabled and we completed our initial assessment," the company said in a statement. "Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |