CCleaner Hacked With Data-Stealing Malware: What to Do Now

CCleaner Hacked With Data-Stealing Malware: What to Do Now

by HENRY T. CASEY Sep 18, 2017, 5:42 AM
     
CCleaner, a system-optimization tool with more than 2 billion downloads worldwide, is used by many Windows, Mac and Android users who want looking to keep their devices running as fast as possible. Unfortunately for them, it appears that hackers decided to sneak their own code into a recent build of CCleaner for Windows in an attempt to steal data and possibly infect users' systems with even more malicious applications.

The attack took place by piggy-backing onto CCleaner by infiltrating the servers that distribute the software, infecting version 5.33 of the Windows utility and version 1.07 of its cloud-based sister application. Those servers belonged to Piriform, the London company that created CCleaner. In July of this year, Piriform was acquired by the Prague-based antivirus maker Avast.

If you've updated CCleaner since Aug. 15 and you're running 32-bit Windows, you may be infected. You should roll back to a pre-Aug. 15 snapshot of your system, or run a malware scan. Following either (or both) of those steps, visit Piriform's site to download and install the latest, clean version of CCleaner.

A report on this attack from technology company Cisco's Talos Intelligence blog notes that infected versions of CCleaner were observed "as recently as September 11," and that they alerted Avast of the issue on September 13. Before that, though, Piriform already knew something fishy was going on.

In a blog post from Paul Yung, VP of Products for Piriform, the exec noted that his company saw suspicious activity from "unknown IP address receiving data from software found in version 5.33.6162 of CCleaner" on Sept. 12, which led to Piriform taking the server down. This data transfer from CCleaner appeared to be the malware, identified as Floxif, phoning home to its command-and-control servers.

The infected version of CCleaner, 5.33 for Windows, was made available for download on Aug. 15, and its cleaned version, version 5.34, on Sept. 12. The infected version of CCleaner Cloud was made available on Aug. 24, and a clean version on Sept. 15. The Mac and Android versions of CCleaner do not appear to have been affected.

An Avast spokeswoman told Reuters that 2.27 million users had downloaded the infected version of CCleaner, and that 5,000 installations of CCleaner Cloud had received the tainted update to that software.

If you're on version 5.33 of CCleaner, which states its version number in its top left corner of its interface, your best bet may be to roll back your Windows system to a snapshot from before Aug. 15, as your system may have been compromised since then. At the very least, make sure your own anti-virus software is up to date.

Those without the option to restore a backup should check if their CCleaner is 5.33. Yung notes that that Piriform is updating all versions of its software up to non-malicious versions, but users can download a new copy here.

While CCleaner is a very popular application, claiming 5 million downloads per week, this infected version would not have hit all of those users. The free version of CCleaner must be manually updated. However, CCleaner is also built into some versions of Avast antivirus software, in which it is automatically updated. CCleaner Cloud is also automatically updated.

Cases such as this, where system-optimization or anti-virus software is infected by malware, are especially dangerous, as those programs take deep-level system privileges, and can do more damage than almost any other software. Even more importantly, the hacked version of CCleaner was signed with a legitimate copy of Piriform's developer certificate, which shouldn't have been available to the miscreants involved.

Fortunately, the impact of this affected version of CCleaner may be mitigated by more than its lack of automatic updates. The Floxif malware appears to infect only 32-bit Windows systems, and most PCs sold in the last 5 years run 64-bit Windows.

As to who is behind this attack and how they infected the official versions of CCleaner, Talos hasn't released anything yet, and Yung isn't providing any other details.

https://www.tomsguide.com/us/ccleaner-utility-malware-infected,news-25851.html


Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more