Security researchers at Cisco Talos have discovered that servers used by Avast were compromised, allowing hackers to replace the legitimate version of CCleaner with a malicious build and distribute it to millions of users over the past month.
If you're using CCleaner version 5.33, uninstall it now to avoid malware infection.
This attack serves as a classic example of a 'Supply Chain Attack' scenario. Earlier this year, MeDoc's update servers were also compromised in a similar manner to distribute the widespread Petya ransomware globally.
Both Avast and Piriform have confirmed that CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 for Windows 32-bit are affected. Therefore, completely uninstall CCleaner version 5.33 and install the latest version of CCleaner.
The malicious build was detected on September 13. It contained data-stealing malware that collected data from infected computers and transmitted it to remote command-and-control servers.
Furthermore, the hackers digitally signed the malicious installer file (v5.33) using valid signatures issued by Piriform and employed a Domain Generation Algorithm (DGA). If the hackers' server goes down, the DGA can generate new domain names for receiving and sending the stolen information.
'All collected information is encoded by base64 with a custom alphabet,' said Paul Yung, vice president of product at Piriform. 'Then the encoded information will be sent to an external IP address 216.126.x.x via HTTPS POST request.'
The malware is programmed to collect a large amount of user data, including:
- Computer names.
- List of installed software, including Windows updates.
- List of all running processes.
- IP addresses and MAC addresses.
- Additional information such as processes running with Admin privileges and whether it's a 64-bit system.
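An added example, not code from the article, Talos or Piriform: how an analyst can decode a payload that was base64-encoded with a custom alphabet, as in the Piriform statement above, and why a standard decoder returns noise instead of an error. The alphabet and the sample record are constructed for illustration, since the article gives neither.

```python
import base64
import string

STD = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
# Constructed alphabet (standard one rotated by 13), for illustration only;
# the alphabet the real malware used is not given in the article.
CUSTOM = STD[13:] + STD[:13]


def _check(alphabet: str) -> None:
    if len(alphabet) != 64 or len(set(alphabet)) != 64 or "=" in alphabet:
        raise ValueError("alphabet must be 64 unique characters without '='")


def encode_custom(data: bytes, alphabet: str = CUSTOM) -> str:
    """Build sample input: standard base64, then swap in the custom alphabet."""
    _check(alphabet)
    std = base64.b64encode(data).decode("ascii")
    return std.translate(str.maketrans(STD, alphabet))


def decode_custom(text: str, alphabet: str = CUSTOM) -> bytes:
    """Map a custom-alphabet payload back to standard base64 and decode it."""
    _check(alphabet)
    body = text.strip().rstrip("=")
    unknown = set(body) - set(alphabet)
    if unknown:
        raise ValueError(f"characters outside the alphabet: {sorted(unknown)}")
    std = body.translate(str.maketrans(alphabet, STD))
    std += "=" * (-len(std) % 4)  # restore padding that may have been dropped
    return base64.b64decode(std, validate=True)


def looks_like_text(data: bytes) -> bool:
    """Cheap triage: is the decoded output printable ASCII?"""
    return bool(data) and all(32 <= b < 127 or b in (9, 10, 13) for b in data)


# Constructed record using the kinds of fields the article lists.
SAMPLE = b"host=WS-0042;mac=00:11:22:33:44:55;admin=1;x64=1"
CAPTURED = encode_custom(SAMPLE)

if __name__ == "__main__":
    # Decoding with the standard alphabet succeeds but yields binary noise.
    print("standard alphabet:", looks_like_text(decode_custom(CAPTURED, STD)))
    print("custom alphabet:  ", decode_custom(CAPTURED).decode("ascii"))
```

Because a permuted alphabet still uses only valid base64 characters, the standard decoder does not fail; checking whether the output is readable is what shows that a different alphabet is in use.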
How to Remove Malware from Your Computer?
According to Talos researchers, approximately 5 million people download CCleaner (or Crap Cleaner) every week, indicating that over 20 million users may have been infected by the malicious CCleaner version.
'This attack could have significant implications due to the extremely high number of systems infected with malware. As of November 2016, CCleaner claimed to have over 2 billion downloads worldwide, with an additional 5 million app downloads every week, meaning this download count will only increase,' according to Talos researchers.
However, Piriform estimates that about 3% of users (up to 2.27 million people) are affected by this malicious installation.
Users at risk are advised to update to CCleaner version 5.34 or higher to protect their computers from intrusion. Additionally, it's recommended to use top-notch antivirus and anti-malware software to ensure the safety of their machines. There are several antivirus options available such as KIS and AVAST...