CCleaner malware outbreak is much worse than it first appeared

autodesk factory design suite ultimate 2012
click here to buy
Comments For a long time CCleaner has been the most popular system-cleaning tool for Windows, extending its reach to other platforms like macOS and Android phones. However since security giant Avast acquired it last year, it’s been a stormy ride that’s had many doubting how effective or trustworthy the tool really is. While CCleaner has certainly grown up since its “crap cleaner” days, it’s certainly gotten more bloated over the years as well.
ccleaner malware reddit

CCleaner Malware

The software gets rid of temporary files that eat up disk space and invalid Windows registry keys. During the cleanup, malicious files buried in the system are also deleted. However, in September , CCleaner malware was discovered. Hackers took the legitimate program and inserted malicious code that was designed to steal data from users.

They turned a tool meant to scrub your computer clean of lurking malware into a serious threat to sensitive and personal information.

Understanding the Threat The malware consisted of two Trojans, Trojan. Floxif and Trojan. Nyetya, inserted into the free versions of CCleaner version 5. It’s believed the hackers compromised CCleaner’s build environment to insert the malware.

According to different reports , the malware is capable of collecting specific data from an infected computer system, including IP addresses and information on installed and active software, and sending it to a third-party server located in the United States. CCleaner’s parent company, Avast Piriform, found the malware on September 12, , and immediately took steps to remediate the problem.

Initially, the company believed it was confined to the above versions running on a bit Windows systems and that downloading upgraded versions of the program would solve the problem.

It’s believed more than 2 million users were infected. Unfortunately, the company soon discovered the malware infection was more severe than originally believed. A second stage payload was discovered by Cisco Talos. This payload targeted approximately 20 of the largest tech companies, including Google, Microsoft, Cisco, and Intel, and infected 40 computers. According to Wired , “Cisco says it obtained a digital copy of the hackers’ command-and-control server from an unnamed source involved in the CCleaner investigation.

The server contained a database of every backdoored computer that had ‘phoned home’ to the hackers’ machine between September 12 and 16″. Although there is no definitive evidence identifying the party responsible for the CCleaner malware, investigators discovered a link to a Chinese hacking group known as Axiom. The CCleaner malware shares code with tools used by Axiom, and a time stamp on a compromised server matched a Chinese time zone; however, time stamps can be changed or modified, making it difficult to pinpoint origin.

Combined with the choice of tech targets, this raised concerns that CCleaner malware could be part of a state-sponsored attack. As of late , the investigation into responsibility for the hack is ongoing. When the CCleaner malware was first discovered, users were advised to upgrade to the newest version of the program based on the belief it was an isolated incident and later versions were safe. However, the discovery of the second stage payload complicated removal and protection.

Having a disaster recovery plan in place may be the only way to truly ensure your computer is free of the CCleaner malware. Investigators recommend restoring systems to backed-up versions dating before August 15, when the first infected tools were released. The infected version of CCleaner should be uninstalled and antivirus scans initiated to ensure the system is clean.

If you decide to reinstall CCleaner, it should be the most recent version available, or at least version 5. CCleaner is known to be an excellent tool for eliminating malicious programs that hide deep in computer systems, but as the CCleaner malware incident proves, even the programs created to protect our computers from threats are not immune to hackers. Related articles:

The State of Windows Clean-up Tools

DLL in registry: So, affected companies that have had their computers infected with the malicious version of CCleaner are strongly recommended to fully restore their systems from backup versions before the installation of the tainted security program. Originally posted by blog. This installer checks the OS version and then drops either a bit or bit version of a trojanized tool. The x64 version drops a trojanized EFACli None of the files that are dropped are signed or legitimate.

VIDEO: What is CCleaner Malware and How to Remove It? | Kaspersky

Find assets in your IT network infected with Floxif CCleaner malware. Download your free trial and start the audit of your company network. Here’s a brief timeline of CCleaner supply chain malware attack, explaining how and when hackers infected millions of computers. While CCleaner has certainly grown up since its “crap cleaner” days, it was disclosed that the tool had been infected with Floxif malware.

Leave a Reply

Your email address will not be published. Required fields are marked *