Hackers spread hidden malware to 2.27 million people through the CCleaner software

An app used by millions to optimise computer performance has been hit by a malware attack.

CCleaner is an application that helps computer owners keep their devices optimised, by cleaning cookies, internet history and other temporary files.

The app, which had more than two billion downloads by November last year, was used to spread malware to millions of users. It’s thought that the latest version of the app infects PCs, making them part of a botnet: slave computers that hackers can use at will to direct traffic for malicious purposes.

According to security investigators Cisco Talos, a version of CCleaner 5.33 downloaded in August included hidden malware. But owner Avast Piriform says it prevented the breach from harming customers.

The version of CCleaner tried to connect to several unregistered web pages, presumably to download other programs.

“On September 13 2017, Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities,” Cisco Talos said in a blog post.

What makes this attack unusual is that it comes from a legitimate version of a trusted app.

“By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,” the Cisco Talos blog post continues.

However, the company that owns CCleaner, Avast Piriform, says the breach did not harm any of its customers.

“Piriform believes that these users are safe now as its investigation indicates it was able to disarm the threat before it was able to do any harm,” says an Avast spokesperson.

But Cisco Talos says the malware could expose a wider security problem. “The presence of a valid digital signature on the malicious CCleaner binary may be indicative of a larger issue,” it says.

Craig Williams, a researcher at Cisco Talos, said it was a sophisticated attack since it penetrated a trusted supplier. This is similar to June’s NotPetya attack hidden in infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimisation software had a proper digital certificate, which means that other computers automatically trust the program.

This is just the latest hack in an increasingly exposed online world. From TalkTalk to Ashley Madison, major hacking and data breaches have been consistently damaging over the past few years, and anyone can be caught in the crossfire. 

From ransomware-based extortion to malicious macros hidden in email attachments, you should be well aware of the threats you face while surfing the web. If you want to learn how to stay safe, read Alphr’s anti-hacking tips.
