8/5/2023

Ccleaner malware version 5

UTC According to Piriform, only 32-bit versions of the software are affected. Users of CCleaner Cloud version have received an automatic update."

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker and we’re moving all existing CCleaner v users to the latest version."

These two apps were "illegally modified before (they were) released to the public," the post said.

In a blog post, the company's VP of Products Paul Yung said that another one of its software products, CCleaner Cloud (version ), has also been affected. This was confirmed by the app's maker, Piriform, which was acquired by anti-virus software maker Avast in July. The malware doesn't do much damage by itself, but opens up the possibility for hackers to remotely install other malware, with potentially devastating consequences.

With that type of response I won't ever support the use of Avast or Piriform software in the foreseeable future.

According to Cisco Talos, only version 5.33 of the software is affected, and the more recent 5.34 version of CCleaner is malware-free.

They aren't taking any responsibility for what's a pretty massive breach on their end. It's pretty obvious they just got damn lucky the new version doesn't have the malware, probably because it got built on a different machine from the affected release. On the other hand Piriform's statement makes it seem like they figured it out and eliminated the problem and released an update. They spell out what happened and what they know and don't know and try to avoid assigning blame. Talos makes it pretty clear that there was a serious problem on Piriform's end (how do you build and send something out when the source obviously doesn't match what is in your release branch?).
It's clear that this malware was intended to allow another large scale botnet and that there were several breakdowns in the software development process that allowed this to happen. My respect and trust in a company depends on how they handle an incident like this.

Users of CCleaner 5.33 are urged to immediately update to the latest CCleaner 5.34 version.

Previous research has shown that the overwhelming majority of security bugs would be rendered useless if people would use Standard/Limited accounts instead of Administrator accounts by default.

Talos added that right now very few antivirus programs can even catch the CCleaner malware: only one antivirus engine out of 64 was able to detect it (ClamAV).

Finally, it’s always a good idea to use a Standard/Limited account on your Windows PC by default, as opposed to using an Administrator account.

Talos also showed that anti-exploit technology can be quite useful in situations where antivirus software cannot, as Malwarebytes has also said in the past. Additionally, if updates are automatic, the damage could be much larger, as we saw with the NotPetya attack.

Automatic updates may still be a net win for users because of how many patches to exploitable bugs could reach users faster than otherwise, but it also means that developers of software with automatic updates should take the security of their update servers that much more seriously.

What we can learn from this situation is that attackers seem to be increasingly targeting developers of popular software as a way to more easily infect millions of users at once.

Other factors limiting the potential impact were the fact that the malware was only bundled with the 32-bit version of the software, as well as the malware only activating on Windows accounts with administrator privileges. If they were, we may have seen orders of magnitude more users being infected.
However, there are a few factors that limited the number of infections, one of which is that for users of the free version of CCleaner, updates are not automatic.

Potential Impact

CCleaner had 130 million active users at the time of the Avast acquisition, and it continues to gain millions of users every week.

The Talos team believes it may have more to do with an attacker compromising Avast’s development and signing process for the CCleaner application and recommended that this certificate be immediately revoked and untrusted going forward.