Story image

CCleaner software compromised in supply chain malware attack

19 Sep 2017

Popular ‘junk’ wiper and maintenance software CCleaner has been subject to a hack that could potentially affect billions of users worldwide, according to security firm Talos.

The hack called a ‘supply chain attack’, banks on the trust relationship between supplier and customer. 

In this case, the software’s update servers were compromised to deliver malware to victims and Piriform was hosting the malicious software itself.

Anyone who updated to CCleaner 5.3.3 between August 15 and September 11 is at risk of the hack. On September 12, the official 5.34 version was release.

The hack was able to collect information such as the name of the computer, list of installed software and windows updates, list of running processes, MAC addresses of the first three network adapters, as well as whether the process was running with administrative privileges and whether it is a 64-bit system.

The malware also used valid digital signatures to further mask its malicious intent.

Piriform, the company behind CCleaner, posted a blog today which explains the technical details of the hack.

“A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process,” comments Piriform’s VP of Products, Paul Yung.

He says that the company has disabled the rogue server and other potential servers. All CCleaner users are also being moved to the latest version.

The company has no indication who was behind the attack, where it came from or how long it was being prepared for.

“To the best of our knowledge, we were able to disarm the threat before it was able to do any harm,” Yung says.

“This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates,” Talos researchers state in their blog.

“In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected.”

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.