CCleaner malware was worse than expected

Aung Myo Myint, Horangi
Published Sep 27, 2017

What is CCleaner?

CCleaner is a utility made by the UK-based company Piriform Ltd, designed to improve a computer's performance by removing cookies and browser files and defragmenting hard drives. According to the antivirus company Avast, CCleaner has more than 2 billion downloads and adds 5 million new users per week. However, the 32-bit and cloud versions of CCleaner were compromised, with the company estimating that 2.27 million users were affected.

Security researchers discovered that the CCleaner malware outbreak was much worse than first expected: evidence suggests that the CCleaner malware infected at least 20 computers at leading technology companies with an unusual payload. The infected update of the tool was first found by the Israeli endpoint security firm Morphisec.

What does the malware do?

In the first stage, the malware's malicious payload only runs on a 32-bit platform. It collects data from the infected PC and sends the gathered information to a remote C&C server. The server stores all gathered information in a MariaDB database and likely runs a set of filters on each compromised host. Once the filters have been applied, the second-stage payload is a stealthy backdoor trojan that is not easily detectable. Researchers released a list of targeted companies which includes Microsoft, D-Link, Singtel, Samsung, Google, HTC, Intel, Sony, VMware, O2, Vodafone, Linksys, Epson, MSI and Akamai.

What is the remediation of the problem?

The company has released a new, updated version of CCleaner. It also says that it has contacted the police and is conducting an incident response investigation. Piriform has since apologized to CCleaner's customers.

Editor’s Note:

Check your CCleaner version and, if it is an infected version, remove the software immediately. Keep up to date with the latest version from Piriform. Anti-virus software cannot help you here, because the CCleaner binary containing the malware was signed with a valid digital certificate.
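The triage the note describes (find the infected builds, remove them, escalate where the payload could have run) is easy to apply across a fleet from a software inventory. The following is an added example, not code from the original post, Piriform or Horangi. Because the post does not list the affected version numbers, the `AFFECTED_VERSIONS` strings are placeholders to be replaced with the values from the vendor advisory, and the host names, versions and architectures in `SAMPLE_INVENTORY` are constructed. The decision rules follow only what the post states: the 32-bit desktop build and the cloud build were trojanized, the first-stage payload executes only on a 32-bit platform, and a signed binary is not evidence of a clean build.

```python
"""Inventory triage for the trojanized CCleaner builds described in the post.

Added example; not code from the original post, Piriform or Horangi.
AFFECTED_VERSIONS holds PLACEHOLDER strings because the post does not list
the affected versions: replace them with the vendor advisory's values.
"""
from __future__ import annotations

from dataclasses import dataclass

# PLACEHOLDER version strings (hypothetical), keyed by CCleaner edition.
AFFECTED_VERSIONS = {
    "desktop": {"0.0.0-PLACEHOLDER-DESKTOP"},
    "cloud": {"0.0.0-PLACEHOLDER-CLOUD"},
}


@dataclass(frozen=True)
class Host:
    name: str
    edition: str  # "desktop" or "cloud"
    version: str  # version string reported by the installed binary
    arch: str     # "x86" (32-bit) or "x64"


def triage(host: Host, affected: dict[str, set[str]] = AFFECTED_VERSIONS) -> dict:
    """Classify one host and list the actions the post's note calls for."""
    edition = host.edition.lower()
    if host.version not in affected.get(edition, set()):
        return {"host": host.name, "status": "clean",
                "actions": ["keep CCleaner on the latest vendor release"]}

    # A trojanized build is installed. The check keys on the version, not on
    # the binary's signature: the post records that the malicious build was
    # signed with a valid certificate, so signature validity proves nothing.
    actions = ["remove the installed CCleaner build",
               "install the latest release from the vendor"]

    if host.arch.lower() == "x86":
        # Per the post, the first-stage payload executes only on 32-bit
        # platforms and may be followed by a second-stage backdoor on hosts
        # the C&C server selects, so this host needs an investigation, not
        # just an update.
        actions += ["preserve host and proxy logs since the build was installed",
                    "escalate to incident response to look for the second-stage backdoor"]
        return {"host": host.name, "status": "payload-executed", "actions": actions}

    return {"host": host.name, "status": "trojanized-build-present", "actions": actions}


def triage_inventory(hosts: list[Host]) -> list[dict]:
    """Run triage over a whole inventory and return one finding per host."""
    return [triage(h) for h in hosts]


# Constructed sample inventory: names, versions and architectures are made up.
SAMPLE_INVENTORY = [
    Host("ws-001", "desktop", "0.0.0-PLACEHOLDER-DESKTOP", "x86"),
    Host("ws-002", "desktop", "0.0.0-PLACEHOLDER-DESKTOP", "x64"),
    Host("ws-003", "cloud", "0.0.0-PLACEHOLDER-CLOUD", "x86"),
    Host("ws-004", "desktop", "9.9.9999", "x64"),  # constructed, not an affected version
]

if __name__ == "__main__":
    for finding in triage_inventory(SAMPLE_INVENTORY):
        print(f"{finding['host']}: {finding['status']}")
        for action in finding["actions"]:
            print(f"  - {action}")
```

The separate `payload-executed` status is the point of the script: on a 64-bit host the trojanized build still has to go, but on a 32-bit host the post's description means the data-collection stage has already run, so the host belongs in the incident response queue rather than the patch queue.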
