- CCleaner, a popular system maintenance tool for Microsoft Windows devices, had a malicious malware implanted in its software, according to security researchers at Cisco Talos. The attack is said to have impacted 2.27 million users, according to The Verge.
- The infected application is Avast-owned Piriform's CCleaner 5.33 and was discovered by Talos on September 13 but was available for download since August 15, the researchers said. It is unknown where the code came from but the attack is said to be contained as the "rogue server is down," according to a statement made by Piriform. The company released updates to CCleaner Cloud users saying there should be no more threat.
- Cisco Talos compared the malware to this year’s Nyetya attack after it hit more than 12,500 devices with worming capabilities. Nyetya was disguised as a Microsoft update but wiped machines of their data.
The problems lie in the ability of hackers to infiltrate a product’s coding before its shipment and the undetected nature of worm-like infections. Cisco Talos said the supply chain-style of attack is a very easy way for hackers to administer a widespread cyberattack.
Piriform claimed it has yet to find evidence of nefarious actions on its own systems after running a security scan on the machines CCleaner was installed on. However, critics say it is too early to speculate on the scope of the attack. Users are advised to manually update to CCleaner 5.34, the latest update at the time of the researchers' report, to avoid an infection.
Right now, Avast does not know who or why its product was hacked but there is speculation surrounding the hackers’ intent. The attackers were targeting vendor-customer relationships, said the Cisco Talos researchers. "In many organizations data received from [common] software vendors rarely receive the same level of scrutiny as that which is applied to what is perceived as untrusted sources."
In other words, products being introduced to networks by trusted vendors are typically overlooked for carrying malicious content. The same was true of Nyetya as the fake Microsoft updates relied on the trust associated with the brand name.