5/30/2023

Avast CCleaner malware name

CCleaner malware infections continued for a month before the compromised binary was detected and the backdoor was removed. Avast, which acquired Piriform over the summer, announced that between August 15 and September 15, a rogue version of the application was available on its server and was being downloaded by users.

During that time, around 3% of users of the PC cleaning application had been infected, according to Piriform. Cisco Talos, which independently discovered that the build of CCleaner had malware included, reported around 5 million users download the program each week, potentially meaning up to 20 million users may have been affected. However, Piriform suggests around 2.27 million users had downloaded and installed the backdoor along with the legitimate application. On Monday this week, around 730,000 users had not yet updated to the latest, clean version of the program.

Any individual who downloaded the application on a 32-bit system between August 15 and September 15 was infected with the CCleaner malware, which was capable of gathering information about the user's system. The malware in question was the Floxif Trojan, which had been incorporated into the build before Avast acquired Piriform. The CCleaner malware collected details of users' IP addresses, computer names, details of software installed on their systems and the MAC addresses of network adaptors, which were exfiltrated to the attackers' C2 server.

The malware-laced CCleaner application was only part of the story. Avast says the attack involved a second-stage payload, although it would appear the additional malware never executed. The versions of the software affected were v and CCleaner Cloud v. The malware reportedly did not execute on 64-bit systems and the Android app was unaffected.

The malware was detected on September 13, 2017, although an announcement was not initially made as Avast and Piriform were working with law enforcement and did not want to alert the attackers that the malware had been detected. The individuals behind the attack used a valid digital signature that was issued to Piriform by Symantec, along with a Domain Generation Algorithm to ensure that new domains could be generated to receive exfiltrated data from compromised systems in the event that the main domain was taken down.

Now that the malware has been removed, users can simply download version 5.34 of the application which will remove the backdoor. Users of the Cloud version need do nothing, as the application has been updated to a clean version automatically.

The malware allowed an infected system to be remotely controlled and data to be collected from the computer. “The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA,” Piriform says in a statement issued on Monday. The malware affects CCleaner version and CCleaner Cloud version. According to Avast, about 2.27 million people ran the affected software.

Luckily, the company is taking the necessary steps to correct the situation. In a blog post this morning, Piriform exec Paul Yung writes, “we’re moving all existing CCleaner v users to the latest version. Users of CCleaner Cloud version have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”

Check Your Version of CCleaner

To determine the version of CCleaner you are currently running, simply launch the application and check the version number in the app’s upper-left corner, next to the logo. The current non-compromised version at the time of this writing is.