Hackers compromised CCleaner software by installing a hidden backdoor

According to a deep technical analysis of the CCleaner compromise from Talos Intelligence, Piriform claimed last November that it was adding 5 million new desktop installs of CCleaner each week.

Marco Cova, a senior security researcher at cyber security company Lastline, told International Business Times supply chain attacks are "sort of a holy grail for malware authors because they can efficiently distribute their malware, hide it in a trusted channel, and reach a potentially large number of users".

On Sept. 18, Piriform publicly revealed that its servers had been hacked and that attackers had modified CCleaner with a backdoor that possibly infected millions of users.

Hackers compromised CCleaner to infect as many as 2.27 million PCs with malware.

"We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191", Paul Yung of Piriform said in a statement. "Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm", an Avast spokesperson said.

Anyone who downloaded CCleaner between August 15 and September 12 is advised to manually download and update their software immediately.

Cisco Talos said the attack affected CCleaner version 5.33, which was launched August 15.

Updated versions of CCleaner and CCleaner Cloud have since been released; users of the former should download version 5.34 of CCleaner if they've not already done so, while CCleaner Cloud customers will have already received the update to 1.07.3214. "Users should also update to the latest available version of CCleaner to avoid infection", Cisco advises.

The company's press team said that, on an infected system, hackers could use the exploit to steal sensitive data and/or credentials which could be used for internet banking or other online activities.

CCleaner is a popular tool for cleaning out "crap-ware", helping remove temporary files, browser caches, log files and other junk from a system.

The flagged executable was signed with a valid digital certificate issued to Piriform, but came with an additional payload.
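Because the compromised build carried a valid Piriform signature, a signature check cannot clear an installation; the version number can. The inventory triage below is an added example, not part of the original article or of any vendor tooling: the CSV layout, host names and function names are assumptions, and only the compromised and fixed version numbers come from the article.

```python
import csv
import io

# Version numbers as reported in the article.
COMPROMISED = {"CCleaner": (5, 33, 6162), "CCleaner Cloud": (1, 7, 3191)}
FIXED = {"CCleaner": (5, 34), "CCleaner Cloud": (1, 7, 3214)}

# Constructed sample inventory (hypothetical hosts and columns).
SAMPLE_INVENTORY = """host,product,version,signature_valid
ws-001,CCleaner,5.33.6162,true
ws-002,CCleaner,5.34,true
ws-003,CCleaner Cloud,1.07.3191,true
ws-004,CCleaner,5.32,true
ws-005,CCleaner,5.33,true
ws-006,CCleaner,n/a,false
ws-007,7-Zip,16.04,true
"""

def parse_version(text):
    """Turn '5.33.6162' or 'v1.07.3191' into a tuple of ints; None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version_text):
    """Classify one install as compromised, outdated, ok or unknown-version."""
    if product not in COMPROMISED:
        return "not-applicable"
    v = parse_version(version_text)
    if v is None:
        return "unknown-version"  # cannot be cleared; needs a manual look
    bad = COMPROMISED[product]
    # Inventories often record only '5.33'; compare on the shared prefix.
    if len(v) >= 2 and v[:len(bad)] == bad[:len(v)]:
        return "compromised"
    return "outdated" if v < FIXED[product] else "ok"

def triage(inventory_csv):
    """Map host -> status for every CCleaner install in the inventory.

    The signature_valid column is deliberately ignored: the backdoored
    build was validly signed, so it says nothing about this incident.
    """
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["product"].strip(), row["version"])
        if status != "not-applicable":
            result[row["host"].strip()] = status
    return result
```

Hosts reported as `compromised` or `unknown-version` are the ones to examine and update first; `outdated` hosts predate the affected release but still need the current version.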

In a separate post, Talos reports: "In analyzing DNS-based telemetry data related to this attack, Talos identified a significant number of systems making DNS requests attempting to resolve the domains associated with the aforementioned DGA domains". However, "the lack of automatic updates for the free edition of CCleaner may actually have reduced the total number of users put at risk by the compromised version", UK security writer Graham Cluley noted in his blog today.

Alternatively, "It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code", the researchers added.

CCleaner is software that cleans up a system and optimizes its performance.
