If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.
CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.
Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.
This incident is yet another example of a supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.
Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.
Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attacker's remote command-and-control servers.
Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used a Domain Generation Algorithm (DGA), so that if the attackers' server went down, the DGA could generate new domains to receive and send stolen information.
"All of the collected information was encrypted and encoded by base64 with a custom alphabet," says Paul Yung, V.P. of Products at Piriform. "The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request."
The malicious software was programmed to collect a large amount of user data, including:
- Computer name
- List of installed software, including Windows updates
- List of all running processes
- IP and MAC addresses
- Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.
How to Remove Malware From Your PC
According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 Million people could have been infected with the malicious version of the app.
"The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week," Talos said.
However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.
Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.
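To apply the versions above across a fleet, the following added example (not code from Piriform, Avast or Talos) classifies a software inventory into hosts running a build the article names as affected, hosts still below 5.34, and hosts already on 5.34 or higher. The CSV layout, host names and status labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Builds named in the article as carrying the malicious payload.
AFFECTED_CCLEANER = (5, 33, 6162)   # Windows 32-bit CCleaner v5.33.6162
AFFECTED_CLOUD = (1, 7, 3191)       # CCleaner Cloud v1.07.3191
FIXED_CCLEANER = (5, 34)            # article: update to 5.34 or higher

def parse_version(text):
    """'v5.33.6162' -> (5, 33, 6162); None if not dotted integers."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    except ValueError:
        return None

def matches(ver, build):
    """True if ver equals build or is a shorter prefix such as '5.33'.
    Assumption: inventories that omit the build number count as hits."""
    return len(ver) >= 2 and build[:len(ver)] == ver

def classify(product, version, arch):
    ver = parse_version(version)
    name = product.strip().lower()
    if ver is None or name not in ("ccleaner", "ccleaner cloud"):
        return "unknown"
    if name == "ccleaner cloud":
        # The article gives no fixed Cloud version, so other builds are not judged.
        return "affected" if matches(ver, AFFECTED_CLOUD) else "not-listed"
    # The article confirms only the 32-bit build of 5.33.6162 as affected.
    if matches(ver, AFFECTED_CCLEANER) and arch.strip().lower() in ("x86", "32-bit"):
        return "affected"
    return "ok" if ver >= FIXED_CCLEANER else "update"

def triage(inventory_csv):
    """Return {host: status} for a host,product,version,arch CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"], r["arch"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE = """host,product,version,arch
ws-001,CCleaner,5.33.6162,x86
ws-002,CCleaner,v5.33.6162,x64
ws-003,CCleaner,5.34.6207,x86
ws-004,CCleaner Cloud,1.07.3191,x86
ws-005,CCleaner,5.32.6129,x86
ws-006,CCleaner,5.33,x86
ws-007,CCleaner,n/a,x86
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```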