Published: Thu, September 21, 2017
Hi-Tech | By Ellis Neal

Popular free PC software CCleaner 'compromised' by malware

It is not clear which companies housed the infected computers, but data retrieved by Cisco showed that the hackers had targeted networks at major technology companies, including Samsung, Sony and Cisco itself.

A malicious program was planted inside the popular, free software, which is downloaded as often as 5 million times per week and is used to delete cookies and junk programs to make computers and Android phones run faster.

Williams said that Talos detected the issue at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs. Piriform, which makes CCleaner, is now owned by Czech Republic-based antivirus company Avast.

Security researchers and Piriform said hackers compromised CCleaner in a sophisticated attack that affected more than 2 million computers.

One countermeasure suggested to the affected users was to update to the latest version of CCleaner. He pointed out that, for almost a month, the compromised version of CCleaner was installed on millions of systems and during that time could have done anything. "Operation Aurora started in 2009 and to see the same threat actor still active in 2017 could possibly mean there are many other supply chain attacks by the same group that we are not aware of", Rosenberg added.

Wherever possible, it also seems better to use paid software over free software (even legitimate free software), as paid software may have better security features. However, "the lack of automatic updates for the free edition of CCleaner may actually have reduced the total number of users put at risk by the compromised version", United Kingdom security writer Graham Cluley noted in his blog today.

Image caption: List of domains the attackers were attempting to target.

"If I trust whoever's giving me updates, then I trust the updates are good".

It had said that, based on an analysis of machines that used Avast's security software, it believed that the second stage payload was never activated, and therefore the only malicious code present on customer machines was the one embedded in the ccleaner.exe executable. Two versions of the software released in August were affected, the company said.

Piriform advised users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 to update their software.

Following the revelation, the company was quick to assure users that no damage was done to their devices, but urged them to check the version of the software installed as a precautionary measure. Talos researchers said the malware might have been inserted into Piriform's software either by an external hacker who was able to compromise the company's development or build environments, or by an insider with access to those environments.
