Beware! 23 Lakh CCleaner Users Possibly Infected With Malware!
Hackers have used and exploited the trust factor in the first such instance
There is one thing that no anti-virus detector or anti-malware application can ever detect: exploitation of trust.
And this is precisely what hackers these days are using to spread mayhem and chaos all around. In one of the first such instances, hackers exploited the trust factor and possibly infected millions of users who trusted a brand.
What will anti-virus makers do now?
CCleaner Users’ Trust Broken & Exploited
Cisco’s threat intelligence team, Talos, recently detected a daring malware attack, wherein a virus was fed into CCleaner’s servers and was downloaded by around 2.27 million users between August 15 and September 12.
This was CCleaner’s version 5.33, and users who trust the name and the brand unknowingly downloaded the malware, because it was hidden in CCleaner’s software.
With 2 billion downloads and 125 million users, CCleaner is the world’s leading malware and virus removal tool, and around 5 million new users are being added every month.
Between August 15 and September 12, 2.27 million users downloaded CCleaner, which is distributed by Avast; the download contained a ‘multistage malware payload’ hidden on top of the CCleaner installation.
Cisco Talos immediately informed Avast, who were thus alerted about this vulnerability.
As per Avast, they have already released forced security updates for all users who have downloaded this affected version, and they were “able to disarm the threat before it was able to do any harm.”
Highlighting the exploitation of a trusted supply chain, Talos said in their blog post, “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates.”
Malware Was Contained But Security Glitch Was Serious
Avast immediately resorted to damage control, and shared that the second-stage payload of the malware was never activated.
Avast chief technical officer Ondrej Vlcek said, “2.27 million is certainly a large number, so we’re not downplaying in any way. It’s a serious incident. But based on all the knowledge, we don’t think there’s any reason for users to panic.”
As per reports released by Talos, who discovered this threat, some vital information related to the infected computers could have been stolen by hackers, including:
- Computer name
- List of all installed software, including Windows Updates
- List of running processes
- MAC addresses of the first three network adaptors
- Specific information related to the PC, such as whether it is a 64-bit system or not, and more
Talos has published a detailed blog post, in which they provide in-depth technical details about the security glitch and some possibilities of what could have gone wrong for those 2.27 million users who downloaded the affected version.