Ccleaner malware distribution4/12/2023 ![]() ![]() "The affected software (CCleaner v and CCleaner Cloud v) has been installed on 2.27M machines from its inception up until now," Vlcek also added. In an email to Bleeping Computer, Avast CTO Ondrej Vlcek said that updating CCleaner to the most recent recent versions fixes any issues, as "the only malware to remove is the one embedded in the CCleaner binary itself." Updating to recent versions removes malware On September 13, Piriform released CCleaner 5.34 and pushed an update (v) to CCleaner Cloud users that do not contain the malicious code. The company said they found the malware in CCleaner version and CCleaner Cloud version. Piriform acknowledged the incident in a blog post today. ![]() It is unclear if this threat actor breached Avast's systems without the company's knowledge, or the malicious code was added by "an insider with access to either the development or build environments within the organization." Clean CCleaner versions releasedĪvast bought Piriform - CCleaner's original developer - in July this year, a month before CCleaner 5.33 was released. While initially, this looked like another case where a user downloaded a fake, malicious CCleaner app, they later discovered that the CCleaner installer was downloaded from the official website and was signed using a valid digital certificate.Ĭisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. About the same time, Morphisec reports receiving suspicious logs from several customers who installed the tainted apps, and immediately reached out to Avast.īoth research teams identified a version of CCleaner 5.33 making calls to suspicious domains. Threat actor compromised CCleaner infrastructureĬisco Talos security researchers detected the tainted CCleaner app last week while performing beta testing of a new exploit detection technology. The malware also quit execution if the user was not using an administrator account. Researchers noted that the malware only ran on 32-bit systems. The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according reports published by MorphiSec and Cisco Talos.įloxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |