Monday, September 18th 2017
Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised
In another large-scale attack that's bound to increase users' awareness on their systems' security, news have broken out that Piriform, creators of the popular CCleaner software tool (estimated to be instaled in some 130 million devices), have suffered a hack on their servers that compromised some installer packages of the software. Piriform, which was purchased by popular security software company Avast last July, was hacked last August, and the changes to the installer packages could potentially allow hackers to control the devices of more than two million users, the company and independent researchers said on Monday.
Specifically, hackers embedded remote administration tools on CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191, tools that then tried to connect to several unregistered web pages, looking to download additional unauthorized programs, according to Cisco's Talos security research unit. Users would have noticed nothing wrong on their systems, since the entire malicious string of code was run under CCleaner's authentic digital certificate. The nature of the attack code suggests that the hacker won access to a machine used to create CCleaner, Talos researcher Craig Williams said.
CCleaner does not feature automatic updates, so if you make use of CCleaner, make sure to check your software version, and force an update through the app. Or better yet, make sure to uninstall the app and install the new, corrected version, which currently stands at 5.34.6207.
Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day. A clean version of CCleaner Cloud took a little while longer to be released, seeing the light of day on Sept. 15. Talos' security Craig Williams said that the issue was detected at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.
Source:
Reuters
CCleaner does not feature automatic updates, so if you make use of CCleaner, make sure to check your software version, and force an update through the app. Or better yet, make sure to uninstall the app and install the new, corrected version, which currently stands at 5.34.6207.
Piriform said that Avast, its new parent company, had uncovered the attacks on Sept. 12, with a new, uncompromised version of CCleaner being released the same day. A clean version of CCleaner Cloud took a little while longer to be released, seeing the light of day on Sept. 15. Talos' security Craig Williams said that the issue was detected at an early stage, when the hackers appeared to be collecting information from infected machines, rather than forcing them to install new programs.
58 Comments on Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised
Win32/CCleaner.A - Object: C:\Program Files\CCleaner\CCleaner.exe
Win32/CCleaner.B - Object: Werkgeheugen = CCleaner.exe
Strangely enough that's the 64-Bit Program Files folder... even though they said only 32-Bit is affected.
Also ran a scan with Immunet to be sure, nothing else found, nor anything in the registery named Agomo.
That means the Auto Cleanup Feature on Startup uses the 32-Bit Exe...
That's why my NOD32 went off.