![]() ![]() We also immediately contacted law enforcement units and worked with them on resolving the issue.” reads a blog post published by Piriform. “Based on further analysis, we found that the version of CCleaner and the version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. On September 13, Piriform released a new version of the CCleaner (5.34) and CCleaner Cloud version that do not contain the malware. Let’s remind that Avast owns Piriform that developed the CCleaner solution, the Antivirus solution firm bought it in July, a month before the tainted CCleaner 5.33 version was released. It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code.” continues Talos. “Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization. It is possible that attackers compromised the company system, but experts haven’t excluded that the incident was an insider’s job. Researchers speculate attackers have compromised the Avast’s supply chain to spread the Floxif trojan. later discovered that the CCleaner installer was downloaded from the official website and was signed using a valid digital certificate.įurther investigation allowed Talos to discover that the tainted CCleaner version was deployed on the official website and was signed using a valid digital certificate. ![]() Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly” states the analysis published by Cisco Talos.Ĭisco Talos experts spotted the trojanized CCleaner app last week while performing beta testing of a new exploit detection solution, they noticed that a version of CCleaner 5.33 was connecting to suspicious domains. “CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.” reads the analysis published by Cisco Talos. ![]() The variant of Floxif malware spread by the crooks only works on 32-bit systems and victims must use an administrator account. Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035 | Japan's JPCERT warns of new 'MalDoc in PDF' attack technique |Īttackers can discover IP address by sending a link over the Skype mobile app |Ĭisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software |Ĭloud and hosting provider Leaseweb took down critical systems after a cyber attack |Ĭrypto investor data exposed by a SIM swapping attack against a Kroll employee |Ĭhina-linked Flax Typhoon APT targets Taiwan | Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months |įIN8-linked actor targets Citrix NetScaler systems | UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw | National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization |Ībusing Windows Container Isolation Framework to avoid detection by security products |Ĭritical RCE flaw impacts VMware Aria Operations Networks | Paramount Global disclosed a data breach | Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware |Īkira Ransomware gang targets Cisco ASA without Multi-Factor Authentication | Researchers released a free decryptor for the Key Group ransomware |įashion retailer Forever 21 data breach impacted +500,000 individuals | UNRAVELING EternalBlue: inside the WannaCry’s enabler | ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |