AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Ccleaner compromised11/9/2023 ![]() ![]() Only the cloud version could be updated automatically to remove the bad code. A new, uncompromised version of CCleaner was released the same day and a clean version of CCleaner Cloud was released on Sept. Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. A spokeswoman said that 2.27 million users had downloaded the August version of CCleaner while only 5,000 users had installed the compromised version of CCleaner Cloud. It advised users of CCleaner v and CCleaner Cloud v to download new versions. In a blog post, Piriform confirmed that two programs released in August were compromised. ![]() “There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program. Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software. At the time of the acquisition, the company said 130 million people used CCleaner.Ī version of CCleaner downloaded in August and September included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s Talos unit said. Its useful features are removing useless UWP crap without a command line, and organizing your add/remove programs menu. And ignore its cleaning abilities, unless you're doing it for some special pupose. The malicious program was slipped into legitimate software called CCleaner, which cleans up junk programs and advertising cookies to speed up devices.ĬCleaner is the main product made by London’s Piriform, which was bought in July by Prague-based Avast, one of the world’s largest computer security vendors. You just should turn of all telemetry and ads in the settings. This came after security researchers at Cisco Systems Inc CSCO.O and Morphisec Ltd alerted Piriform's parent Avast Software of the hack last week. Piriform said it worked with law enforcement and cut off communication to the servers before any malicious commands were detected. More than 2 million people downloaded tainted versions of Piriform’s program, which then directed the computers to get instructions from servers under the hacker’s control, Piriform said. REUTERS/Kacper Pempel/Illustration/File Photo The Avast post said that the investigation into the CCleaner compromised was continuing and it would issue further updates as needed.FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. "Besides the keylogger tool, other tools were installed on the four computers, including a password stealer, and tools with the capacity to install further software and plugins on the targeted computer remotely." "By installing a tool like ShadowPad, the cyber criminals were able to fully control the system remotely while collecting credentials and insights into the operations on the targeted computer," the Avast post said. The installation of ShadowPad was presumed to have been done by the second stage downloader of the malware that was used to compromise CCleaner. In the course of this process, it found that ShadowPad had been installed on the four Piriform PCs on 12 April 2017. In its latest update, issued on Thursday, Avast said in order to complete its investigation, it had migrated all the Piriform infrastructure to its own set-up. They then put up a second post on 20 September, after the second Talos post was published. Avast chief executive Vince Steckler and chief technology officer Ondřej Vlček published a blog post on 18 September, providing details of the incident. ![]()
0 Comments
Read More
Leave a Reply. |