Avast’s CCleaner Anti-Malware Tool Hacked To Spread Malware


The latest software to get hacked is, ironically, an anti-malware tool that is supposed to protect devices from malware. CCleaner, formerly known as Crap Cleaner, developed by Piriform and later acquired by Avast, became the latest victim when its download servers were compromised by an unknown group of hackers whose identity has yet to be established.


It is estimated that more than 2 million users who downloaded the Windows 32-bit version of CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 between 15 August and 12 September, the period during which the malware was active, have been compromised.

After discovering the security breach, Cisco's Talos Intelligence Research team duly informed Piriform of its findings. By then, however, the security company had already produced a clean version of the software as part of its regular update schedule. Users who download the latest version of CCleaner, the one issued on September 13th, are therefore not at risk of infection.

The malware detected in the CCleaner download packages was used to send non-sensitive data from infected computers back to a server located in the US. The data reportedly collected by the malware includes the "computer name, IP address, list of installed and active software and the list of network adapters".

The attack could have been far worse had the second payload, which had been staged on infected computers, executed successfully. A payload is the executable part of malicious code: for example, the code responsible for destroying data or delivering spam to users.

This is the second supply-chain attack this year to target a company's download servers as a means of spreading malware; the first was the Petya ransomware, which used the update servers of a Ukrainian company called MeDoc to wreak havoc worldwide. Such attacks are becoming more common because they exploit the trust between vendors and their customers, which is why their success rate is high.

In a public statement, Cisco's Talos said: "The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week".

Mr Yung, Piriform's vice president, said: "Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we're moving all existing CCleaner v5.33.6162 users to the latest version".

He added: "Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm. We are taking detailed steps internally so that this does not happen again, and to ensure your security while using any of our Piriform products".

The only remedy for infected users, and for any CCleaner user who wishes to stay secure, is to update the software to its latest version: the one released on September 13th.
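For defenders checking whether any of their own machines still run the affected builds named above, here is an added triage example (not code from the article, Piriform or Avast). It walks a constructed software inventory and flags hosts on the compromised builds; the record field names, the inventory format and the sample host names are assumptions.

```python
"""Flag hosts still running the CCleaner builds the article names as affected."""
from dataclasses import dataclass

# Affected builds as stated in the article. The article ties "32-bit" to
# CCleaner v5.33.6162; for CCleaner Cloud v1.07.3191 it names no architecture,
# so that build is flagged on any architecture (a conservative assumption).
AFFECTED = (
    ("CCleaner", (5, 33, 6162), "x86"),
    ("CCleaner Cloud", (1, 7, 3191), None),  # None = any architecture
)


def parse_version(text):
    """Turn '5.33.6162' into (5, 33, 6162) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass
class Record:
    host: str
    product: str
    version: str
    arch: str


def is_affected(rec):
    """True if the record matches one of the compromised builds."""
    ver = parse_version(rec.version)
    return any(
        rec.product == product and ver == bad_ver and (arch is None or rec.arch == arch)
        for product, bad_ver, arch in AFFECTED
    )


def triage(records):
    """Return (host, product, version) for every host that needs remediation."""
    return sorted((r.host, r.product, r.version) for r in records if is_affected(r))


def load_inventory(text):
    """Parse 'host,product,version,arch' lines (an assumed export format)."""
    return [Record(*line.split(",")) for line in text.splitlines() if line.strip()]


# Constructed sample inventory; 9.99.0001 is a placeholder for a clean build.
INVENTORY = """\
ws-01,CCleaner,5.33.6162,x86
ws-02,CCleaner,5.33.6162,x64
ws-03,CCleaner Cloud,1.07.3191,x64
ws-04,CCleaner,9.99.0001,x86
"""

if __name__ == "__main__":
    for row in triage(load_inventory(INVENTORY)):
        print("remediate:", *row)
```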

Author Bio:

Julia Sowells is a security geek and writer at hackercombat with 5+ years of experience, writing on various topics pertaining to network security.
