CCleaner hack affected millions of computers worldwide

CCleaner by Piriform is a top-rated PC optimization software trusted by billions (not millions!) of users worldwide. It is a completely legitimate system maintenance tool with a spotless reputation. Sadly, the company recently experienced something very unpleasant, publicly known as a “supply-chain attack.” It appears that hackers compromised the company’s servers to inject malware into the legitimate version of the PC optimization tool, which successfully landed the malicious component on more than 2.27 million computers worldwide.

On September 18, 2017, Paul Yung, the vice president of Piriform, announced the hack in a troubling blog post. The VP apologized and stated that hackers managed to compromise CCleaner and CCleaner Cloud version. It appears that these versions were illegally modified to set up backdoors on users’ computers. The company took action to take down the server that was communicating with the backdoor.

It appears that the malware injected into the PC optimization software (known as Nyetya or Floxif Trojan) could transfer the name of the computer, list of installed software or Windows updates, running processes, MAC addresses of the first three network adapters and even more data about the computer to a remote server.

Malware collects data from compromised systems

At first, experts discovered only the first-stage payload. According to analysts, the CCleaner 5.33 virus was capable of transmitting several types of data to its own database, including victims’ IP addresses, online time, hostnames, domain names, lists of active processes, installed programs and even more. According to experts from Talos Intelligence Group, “this information would be everything an attacker would need to launch a later stage payload.”

However, a little later malware analysts revealed the CCleaner virus’ ability to download the second-stage payload. It seems that the second payload only targets giant tech companies. To detect the targets, the malware uses a list of domains, such as:

Remember that it is a shortened list of domains. After accessing the Command & Control database, researchers discovered at least 700,000 computers that responded to the server and more than 20 machines infected with the second-stage malware. The second-stage payload is designed to allow hackers to get a deeper foothold on tech companies’ systems.

Remove CCleaner malware and protect your privacy

According to Piriform, hackers managed to modify CCleaner version 5.33 before it was launched. The 5.33 version was released on August 15, 2017, meaning that criminals started to infect systems on that day. Reportedly, the distribution stopped only on September 15th.

Although some experts recommend updating CCleaner to version 5.34, we are afraid that it might not be enough to root the backdoor out of your system.