«
»

Backdoor in CCleaner Infects Windows Users With Malware

Avast has advised users of its CCleaner which is an optimization application for Windows to immediately update their software after discovering a backdoor in the tool. Here’s what Forbes had to say:

The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.

Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.

The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

Now it’s really embarrassing when an anti-virus company has one of its own products be a vehicle for malware. Clearly someone over at Avast was asleep at the switch. If you’re a Windows user who uses this software, I’d be dumping it right now and following these directions to see if you were infected. Then you should install(if you must) to the latest version which is available for download here.

This entry was posted on September 18, 2017 at 4:04 pm and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Backdoor in CCleaner Infects Windows Users With Malware”

  1. If You Value Your Privacy, Stop Using CCleaner NOW! | The IT Nerd Says:
    August 3, 2018 at 7:40 am

    […] bought by Avast last year. Since that happened I’ve seen advertising and what I consider malware creeping into the […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading