The malware was found in version 5.33 of CCleaner, although the attack was halted before hackers had the opportunity to distribute it.
CCleaner, the utility for removing unneeded files, was compromised to distribute malware directly to its users. According to Talos, millions of users were exposed for a month.
The application, which accounts for 2 billion downloads and more than 2 million active users according to the parent company Avast, was infected with a malicious payload that made it possible to download and run other malicious software, including ransomware and keyloggers.
Developer Piriform and Avast have already confirmed the attack, but there is currently no evidence that additional malware was distributed through the compromised CCleaner build. “As far as we know, the payload of the second stage was never activated … It was the preparation for something bigger, but stopped before the attacker had the opportunity to use it,” said Avast technical director Ondrej Vlcek.
The malware was also programmed to collect a range of system data: the computer name, a list of the software installed on it including Windows updates, the list of running processes, the MAC addresses of the first three network adapters, and additional information such as whether the process is running with administrator privileges and whether the system is 64-bit. Piriform states that all stolen data was encrypted and is almost impossible to access.
The Talos report explains that the malware was found in version 5.33 of CCleaner, which was actively distributed between August 15 and September 12. Notably, the infected application was signed with a valid certificate issued by Symantec to Piriform, so the signature alone gave users no indication that the build had been tampered with.
According to this report, the malware-infected version of CCleaner was downloaded by 2.27 million users. Vlcek stated that “2.27 million is undoubtedly a large number, so we are not minimizing it in any way. It is a serious incident. But based on all our knowledge, we do not think there is any reason for users to panic.” Users who downloaded the infected version are advised to go to the Piriform website and update to the latest release of CCleaner.
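The facts above (affected build 5.33, distribution between August 15 and September 12, a valid Piriform signature on the trojanized installer) are what a defender has to work with when checking a fleet. The script below is an added example, not code from the article, Talos, Piriform or Avast: it triages a software-inventory export and flags hosts that need the recommended update. The CSV layout, the host names and the signer column are constructed sample data, and the year 2017 is assumed for the distribution window since the article gives only month and day.

```python
"""Added example: triage a software inventory for the trojanized CCleaner build.

Keys on product version and install date, which are the two facts the Talos
report gives. The code-signing status is deliberately NOT used as a trust
signal, because the compromised build carried a valid Piriform certificate.
"""
import csv
import io
from datetime import date

AFFECTED_PRODUCT = "CCleaner"
AFFECTED_MAJOR_MINOR = (5, 33)      # build line named in the Talos report
WINDOW_START = date(2017, 8, 15)    # year assumed; the article gives month/day only
WINDOW_END = date(2017, 9, 12)

# Constructed sample export in a hypothetical CSV layout (not real hosts).
SAMPLE_INVENTORY = """host,product,version,install_date,signer
ws-001,CCleaner,5.33,2017-08-20,Piriform Ltd
ws-002,CCleaner,5.34,2017-09-14,Piriform Ltd
ws-003,CCleaner,5.33.6162,2017-09-01,Piriform Ltd
ws-004,Notepad++,7.5,2017-08-20,Notepad++ Team
ws-005,CCleaner,5.32,2017-07-30,Piriform Ltd
ws-006,CCleaner,5.34,2017-09-10,Piriform Ltd
"""


def is_affected_version(version: str) -> bool:
    """True for the 5.33 line, including sub-builds such as 5.33.x."""
    try:
        parts = tuple(int(p) for p in version.split("."))
    except ValueError:
        return False  # malformed version string: leave it for manual review
    return parts[:2] == AFFECTED_MAJOR_MINOR


def in_distribution_window(installed: date) -> bool:
    """True if the install date falls inside the period the 5.33 build was served."""
    return WINDOW_START <= installed <= WINDOW_END


def triage(csv_text: str) -> list:
    """Return one finding per CCleaner install that needs follow-up.

    'high'   : the affected version is present, update now.
    'review' : installed during the distribution window but reports a different
               version, so confirm the version history on that host.
    The 'signer' column is intentionally ignored (valid signature, still bad).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"] != AFFECTED_PRODUCT:
            continue
        installed = date.fromisoformat(row["install_date"])
        version_hit = is_affected_version(row["version"])
        window_hit = in_distribution_window(installed)
        reasons = []
        if version_hit:
            reasons.append("affected version 5.33")
        if window_hit:
            reasons.append("installed during the 15 Aug - 12 Sep distribution window")
        if reasons:
            findings.append({
                "host": row["host"],
                "version": row["version"],
                "severity": "high" if version_hit else "review",
                "reasons": reasons,
            })
    return findings


def hosts_needing_update(csv_text: str) -> list:
    """Hosts that definitely carry the 5.33 build, sorted for reporting."""
    return sorted(f["host"] for f in triage(csv_text) if f["severity"] == "high")


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['severity']} ({'; '.join(finding['reasons'])})")
```

Run against the constructed sample, `ws-001` and `ws-003` come back as `high` (5.33 and a 5.33.x sub-build) and `ws-006` as `review` (installed inside the window but reporting 5.34); `ws-002`, `ws-004` and `ws-005` are not flagged. In a real environment the inventory would come from an endpoint-management export, and the window dates should be cross-checked against the vendor's own advisory rather than taken from a news summary.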