Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    CCleaner Hacked, Infecting Millions With Backdoor Malware

    By
    SEAN MICHAEL KERNER
    -
    September 18, 2017
    Share
    Facebook
    Twitter
    Linkedin
      CCleaner

      More than 2 billion users around the world have downloaded the Piriform CCleaner tool to help remove unwanted files and keep their systems secure. Now those users are at risk, as on Sept. 18, Piriform publicly revealed that its servers had been hacked, with attackers modifying CCleaner with a backdoor that possibly infected millions of users.

      “We estimate that 2.27 million users had the affected software installed on 32-bit Windows machines,” a spokesperson for software security vendor Avast told eWEEK. “We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.”

      Avast acquired Piriform in July, and in a statement Piriform thanked Avast Threat Labs for analyzing the attack. Piriform has contacted law enforcement, shut down the impacted download server and updated CCleaner to version 5.34.

      “A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems,” Paul Yung, vice president of products at Piriform, wrote in a statement. “Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.”

      According to Piriform, CCleaner was modified by an unknown attacker to include a two-stage backdoor. Such a backdoor is capable of receiving and running code from an attacker command and control server.

      “At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it,” Yung stated.

      While Avast and Piriform are not speculating on how long the attackers might have been in the CCleaner servers, Cisco’s Talos research group has made its own observations. Although Piriform’s disclosure only mentioned Avast Threat Labs as helping in the analysis, Cisco Talos claims that it reported the security issue to Avast on Sept. 13.

      The Cisco Talos researchers noted that they discovered the CCleaner malware while performing customer beta testing of a new exploit detection technology. According Cisco’s analysis, the infected version of CCleaner was first released on Aug. 15, meaning that users were exposed to risk of infection from the backdoor for approximately one month. 

      It’s not currently known how the CCleaner attackers were able to modify the code to include the backdoor code. Cisco Talos researchers speculate that attackers could have compromised a developer account that provided access or possibly were able to directly exploit a system within the CCleaner build environment.

      Infecting legitimate software with malware is not a new hacker technique and has been used in multiple attacks. In the recent NotPetya ransomware incident, an alleged root cause was a malware-infected update of widely used Ukrainian tax software. One of the ways that some organizations attempt to secure downloads is with an approach known as The Update Framework (TUF), which provides controls to help secure updates.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×