CCleaner server infection may have spread to millions before it was caught

CCleaner may have infected millions of users around the world with data-stealing malware that attackers slipped into its official download.
For possibly as long as a month, the CCleaner system maintenance application was distributing malware through its official channels. The attackers appear to have compromised the server that hosts the CCleaner installer, meaning that anyone who downloaded the software through official means also unwittingly downloaded a piece of malware.
Although malware of all types is most commonly spread through phishing attacks such as infected attachments and phony links, a tactic that is proving highly successful is infecting trusted platforms. Whether it is hijacking legitimate distribution accounts or, as in this case, the download servers themselves, it leaves victims vulnerable to infection even if they follow proper personal security practices.
The payload in this attack has several tasks once installed. As Talos describes in its breakdown of the malware, it first lies dormant to avoid automated detection systems, then checks whether it has admin access. If it does not, it shuts itself down to avoid detection; if it does, it proceeds to gather information about the system and sends it to a remote server for later collection.
It then attempts to connect to several other domains, which could lead to the download of further malicious software.
Piriform, the software's developer, has since issued an apology for the compromise affecting so many of its customers. It warns that anyone running CCleaner version 5.33.6162 or CCleaner Cloud version 1.07.3191 could be affected, and advises anyone running either version to update to the latest release, which has been confirmed infection-free.
It would also be a good idea to run standard anti-virus and anti-malware checks with your chosen security software. If you don’t have one or aren’t sure which to opt for, these are some of our favorites.
Even if the immediate consequences are swiftly countered, one of the worst aspects of this sort of compromise is that it can erode the trust people place in legitimate sources and institutions. Piriform was purchased by the anti-malware company Avast in July, while a fellow anti-malware firm, Symantec, issued the infected CCleaner download with its valid security certificate.
Having the rug pulled out from under a legitimate download like this makes it much harder for those with little security knowledge to know where to turn to protect themselves online. If the very companies that purport to do so can themselves aid in the proliferation of malware, who can you trust?