Infected CCleaner Utility Highlights Dangers of Software Supply Chain Attacks

More than 2 million users are estimated to have downloaded a maliciously modified version of a software utility owned by antivirus firm Avast.

The affected application, CCleaner, helps users perform routine maintenance on their systems, and provides functionality such as temporary file deletion, performance optimization analysis, and application management. Developed by Piriform Ltd, which was acquired by Avast in July, the software had around 2 billion total downloads as of November 2016.

The infected CCleaner versions include 32-bit CCleaner v, released on August 15, and CCleaner Cloud v, which was released on August 24. The issue was discovered last week, nearly a month after the infected application was made available for download.

No information on how the compromise happened has been provided as of now, but Cisco Talos security researchers discovered that the infected CCleaner installers were signed with a valid certificate and were being hosted directly on CCleaner’s download server.

“The presence of a valid digital signature on the malicious CCleaner binary may be indicative of a larger issue that resulted in portions of the development or signing process being compromised. Ideally this certificate should be revoked and untrusted moving forward,” Cisco says.

The installers were infected with malware known as Floxif, and were modified in such a way as to execute the malicious code during the legitimate application’s installation process. The malicious code includes steps designed to evade detection, and terminates execution if the user doesn’t have admin privileges. It also uses a Domain Generation Algorithm (DGA).

The malware was designed to gather various data from the infected systems, including computer name, IP address, list of installed software, list of active software, and list of network adapters, and send it to a third-party server in the United States, Piriform reveals. According to the company, this non-sensitive type of data is the only data that was sent to the server.

Piriform also claims to have taken the necessary steps to ensure that its CCleaner v and CCleaner Cloud v users were safe, all while working with U.S. law enforcement to shut down the server, which was accomplished on Sept.

The company says it worked with download sites to remove CCleaner v, it pushed a notification to update CCleaner users to v5.34, and also automatically updated CCleaner Cloud users from v to, in addition to delivering an automatic update to Avast Antivirus users.

“At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it. The investigation is still ongoing,” Paul Yung, VP, Products, Piriform, notes in a technical post detailing the incident.

The company says that only around 3% of the CCleaner users have been impacted by the incident. In July, the application had over 130 million users worldwide, including 15 million Android users.

Responding to an email inquiry from SecurityWeek, an Avast spokesperson said that an estimated 2.27 million users have downloaded the infected CCleaner iterations.

“We estimate that 2.27 million users had the v software, and 5,010 users had the v of CCleaner Cloud installed on 32-bit Windows machines. We believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm,” the company’s official said.

While analyzing the domains associated with the infection, Cisco discovered an increase in activity following the August 15 release of the infected CCleaner variant. The company also notes that the antivirus detection for the threat was very low at the time of analysis.

Impacted users are advised to update to CCleaner v5.34 as soon as possible. They should also scan their systems with an anti-virus solution to remove any malicious code that might still be present. According to Cisco, users should consider restoring their machines to a state before August 15, 2017, or even perform a full reinstall.
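As an added defender-side example (not part of the SecurityWeek article or Piriform's own tooling), the following Python triage helper applies the article's remediation facts to a software inventory: CCleaner installs below the fixed v5.34 on 32-bit Windows are flagged as at risk, and other pre-5.34 installs as merely outdated. The hostnames, version strings and the `arch` field are constructed assumptions, and CCleaner Cloud is left out because the article does not give its fixed version number.

```python
import re

# Fact from the article: the fix for the trojanized 32-bit CCleaner build is v5.34.
FIXED_VERSION = (5, 34)


def parse_version(text):
    """Turn a version string such as 'v5.34' or '5.33.6162' into an int tuple.

    Comparing tuples rather than strings is what makes '5.4' sort below '5.34'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", text))


def assess(entry):
    """Classify one inventory record (dict with name, version, arch 'x86'/'x64').

    Returns 'not_ccleaner', 'unknown_version', 'patched', 'at_risk' or 'outdated'.
    """
    if entry["name"].strip().lower() != "ccleaner":
        return "not_ccleaner"
    version = parse_version(entry["version"])
    if not version:
        return "unknown_version"  # cannot compare; needs a manual look
    if version >= FIXED_VERSION:
        return "patched"
    # The article says only the 32-bit build was trojanized; 64-bit installs
    # below v5.34 are out of date but not known to carry the implant.
    if entry["arch"] == "x86":
        return "at_risk"
    return "outdated"


def triage(inventory):
    """Group hosts by verdict so responders can handle the at-risk set first."""
    grouped = {}
    for host, entry in inventory.items():
        grouped.setdefault(assess(entry), []).append(host)
    return {verdict: sorted(hosts) for verdict, hosts in grouped.items()}


# Constructed sample inventory (hypothetical hosts and versions, not from the article).
SAMPLE_INVENTORY = {
    "ws-01": {"name": "CCleaner", "version": "5.31.0000", "arch": "x86"},
    "ws-02": {"name": "CCleaner", "version": "v5.34", "arch": "x86"},
    "ws-03": {"name": "CCleaner", "version": "5.31.0000", "arch": "x64"},
    "ws-04": {"name": "Notepad++", "version": "7.5", "arch": "x86"},
    "ws-05": {"name": "ccleaner", "version": "5.4", "arch": "x86"},
}

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict}: {', '.join(hosts)}")
```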