Virus, hacks, malware pose an imminent threat to our digital life. One wrong move and you could get trapped in a cyber mess. However, it is easier to secure yourself from something you know looks suspicious. But what to do when you’re faced with something that has disguised itself as completely legitimate? Something similar just happened to people who use CCleaner.
PC cleaner app called CCleaner – short for Crap Cleaner – has unwittingly exposed its users to a malware. According to reports from Cisco Talos, a legitimately signed version 5.33 of CCleaner had “a multi-stage malware payload that rode on top of the installation of CCleaner”. This is a cause for concern as CCleaner has a wide user base. By November 2016 it had been downloaded over 2 billion times with a growth rate of 5 million users per week.
According to CCleaner’s parent company Avast, the software was tainted with malware in August when the 5.33 version was released. About 2.27 million people have downloaded the app in that time period. However, now a new version 5.34 has been put out. The malware was able to access the affected person’s MAC address, computer name, list of running processes and software. However, Avast alleges that all the data that the malware may have captured is useless since it has been encrypted.
Craig Williams, the head of Cisco’s Talos team, said, “There’s a concerning trend in these supply-chain attacks. Attackers are realizing that if they find these soft targets, companies without a lot of security practices, they can hijack that customer base and use it as their own malware install base…And the more we see it, the more attackers will be attracted to it.”
However, the matter for concern here is that Avast is a big security company itself. How did it get affected by malware, that too on a software update that had a legitimate signature on it? Avast addressed this issue by saying that they cryptographically sign all installations so that hackers cannot spoof them without having access to a cryptographic key. However, in this case, turns out hackers infiltrated Avast’s software development chain before the actual update was sent out. Avast did not find out about this infiltration until it was too late and ended up putting their stamp of approval on a malware that was riding on their installation file.
If you happen to be a regular CCleaner user or if you installed an update in August, it would be best to update to the latest version.