NetMag Global
CCleaner Security App hacked and hackers hid Backdoor in 2.3 Million Infect downloads
ICT

You need to upgrade your CCleaner app to avoid the hackers attacks

You need to upgrade your CCleaner app to avoid the hackers attacks

CCleaner Security App hacked and hackers hid Backdoor in 2.3 Million Infect downloads

CCleaner app for Windows is being attacked by criminal hackers, in results Users of infected Avast-owned security application allows for the download of further malware or bight be ransomware.

Recently researchers exposed that criminal hackers had installed a backdoor in the tool, which is the real cause of disruption in the app. Administration of Avast advised their users to update their software immediately to get rid of this attack.

According to figures provided by Avast, 2.27 million ran the affected software. However, the company said users need to relax and should not panic

CCleaner app is maintenance and file clean-up software having 2 billion downloads, run by a subsidiary of anti-virus giant Avast.

According to further investigation, the CCleaner download server was hosting the backdoor app, back on September 11. In a blog by Talos, it is informed that the affected version was released on August 15. But on September 12, a clean and fresh version 5.34 was released. For weeks then, the malware was dispersing inside supposedly-legitimate security software.

The malware would send encrypted information of infected computer like the name of the computer, installed software and running processes – back to the hackers’ server. The hackers are using DGA, which is basically a domain generation algorithm. As a result, each time the crooks’ server went down, the DGA would be able to generate new domains to send and receive stolen data.

Downplaying the threat?

CCleaner’s owner, Paul Yung, vice president of product at Piriform, just wrote in a post-Monday:

“Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

“The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

“Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.” He added.

According to CTO of Avast, there is no need to panic

Ondrej Vlcek, the chief technology officer at Avast said “that there was, however, little reason to panic. He explained that company used its Avast security tool to scrutinize machines on which the affected CCleaner app was installed (in 30 per cent of Avast installs, CCleaner was also resident on the PC).”

“That led to the conclusion that the attackers hadn’t launched the second phase of their attack to cause more harm to victims”. He added.

“2.27 million Is certainly a large number, so we’re not downplaying in any way. It’s a serious incident. But based on all the knowledge, we don’t think there’s any reason for users to panic,” Vlcek added.

“To the best of our knowledge, the second-stage payload never activated… It was prep for something bigger, but it was stopped before the attacker got the chance.” He said Cisco Talos wasn’t the first to inform Avast of the issues, another unnamed third party was.

It’s uncertain that who was behind the attacks. Yung said the company wouldn’t wonder how the attack happened or possible perpetrators. But for now, any concerned users should head to the Piriform website to download the latest software.

 

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *