1/3/2024

CCleaner malware hack

CCleaner is a utility program designed to delete unwanted files from a computer. The software gets rid of temporary files that eat up disk space and invalid Windows registry keys. During the cleanup, malicious files buried in the system are also deleted. In January 2017, CNET gave the program a "Very Good" rating. However, in September 2017, CCleaner malware was discovered. Hackers took the legitimate program and inserted malicious code that was designed to steal data from users. They turned a tool meant to scrub your computer clean of lurking malware into a serious threat to sensitive and personal information.

The malware consisted of two Trojans, Trojan.Floxif and Trojan.Nyetya, inserted into the free versions of CCleaner version and CCleaner Cloud version. It's believed the hackers compromised CCleaner's build environment to insert the malware.

According to different reports, the malware is capable of collecting specific data from an infected computer system, including IP addresses and information on installed and active software, and sending it to a third-party server located in the United States.

CCleaner's parent company, Avast Piriform, found the malware on September 12, 2017, and immediately took steps to remediate the problem. Initially, the company believed it was confined to the above versions running on 32-bit Windows systems and that downloading upgraded versions of the program would solve the problem. It's believed more than 2 million users were infected.

Unfortunately, the company soon discovered the malware infection was more severe than originally believed. A second stage payload was discovered by Cisco Talos. This payload targeted approximately 20 of the largest tech companies, including Google, Microsoft, Cisco, and Intel, and infected 40 computers.

According to Wired, "Cisco says it obtained a digital copy of the hackers' command-and-control server from an unnamed source involved in the CCleaner investigation. The server contained a database of every backdoored computer that had 'phoned home' to the hackers' machine between September 12 and 16."

Although there is no definitive evidence identifying the party responsible for the CCleaner malware, investigators discovered a link to a Chinese hacking group known as Axiom. The CCleaner malware shares code with tools used by Axiom, and a time stamp on a compromised server matched a Chinese time zone; however, time stamps can be changed or modified, making it difficult to pinpoint origin.

Combined with the choice of tech targets, this raised concerns that CCleaner malware could be part of a state-sponsored attack.

"At this stage, we don't want to speculate how the unauthorised code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it," Piriform wrote on its blog. Overall the company believes that 2.27 million users had installed the affected version of the software on 32-bit Windows machines. It also said it "disarmed the threat before it was able to do any harm".

In a follow-up blog post Avast CEO Vince Steckler said people were interested in the CCleaner problems due to the publicity of the Equifax data breach. Steckler said Avast had solved the problem "within approximately 72 hours of discovery". He added the CCleaner server was taken down before "harm was done to customers" and that the firm had worked with law enforcement officials to try to identify the source of the attack. "We disclosed everything that happened in a blog when we were cleared to do so," Steckler wrote.

While the spread of malware is common, the compromise of CCleaner is the second prominent incident this year where malicious code has been distributed by a legitimate-looking software update. When the Petya/NotPetya malware infected computers across Ukraine and the world in July, it was spread by an infected piece of software. Accounting firm MeDoc unknowingly disseminated the malware through an automatic software update.

Worryingly, it appears to be part of a growing trend. "By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates," the Talos team wrote. "In many organisations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources."

This story has been updated to include additional comment from Avast.