Researchers have recently uncovered malware in a version of CCleaner that collected its users' sensitive information.
Avast, owner of the popular computer-cleaning software CCleaner, confirmed this past Monday that its users are at risk: the security of over two million users may have been compromised through hacked servers.
According to CCleaner's developer, Piriform, the software's servers suffered a malicious attack between 15 August and 12 September. Since discovering the hack, the developers have released an updated version, v5.33.6162, that is free of the potentially dangerous code.
Between 15 August and 12 September, a Trojan was included in the available download package. This code allowed the software to send sensitive information from infected users to a server thought to be located in the US. According to Piriform, the data included the IP address, computer name, currently installed software, currently running software, and a list of network adapters.
However, the malware goes beyond a mere data breach: infected devices were also exposed to a "second-stage payload", though Piriform confirmed that it was never put into action.
Piriform vice president Paul Yang apologized to affected users in a blog post. He added that the investigation into the origin of the attack and those responsible is still ongoing; at this point, they have no concrete evidence as to how the unauthorized code infiltrated the system.
According to Piriform, approximately 2.27m users were infected. Piriform stated that these users are not necessarily at risk, as it took the necessary steps to disable the malware before it caused damage: the command-and-control server was disabled before it could inflict harm.
The malware was uncovered by Talos Intelligence, a division of Cisco. The research team notified Piriform on 13 September, exactly one day after a new, uncompromised version of CCleaner had been released. To keep data safe, Talos recommends that users update their software to the latest version.
Attaching malicious content to popular security software has become a growing trend among attackers. This technique, often referred to as a "supply chain" attack, is particularly effective because it exploits the trust relationship between users and reputable software in order to reach the attackers' goals.
In March 2016, a version of the BitTorrent client Transmission containing malware spread ransomware on Macs. The ransomware was active for three whole days before it was disabled, and it marked the first time that the iOS operating system experienced a ransomware attack. Earlier this year saw another notorious attack through the Ukrainian accounting software MeDoc. That malware was responsible for seeding the NotPetya "ransomworm", a type of ransomware that replicates itself. This ransomware managed to attack companies such as Merck, Maersk, and Cadbury's.