Over 2.3 million users have been infected with Malware from a hacked version of the CCleaner application – an application designed to optimize and enhance a computer’s performance.
Users who downloaded or updated CCleaner between August 15 and September 12 this year are being urged to remove or update the program immediately.
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
Thehackernews.com reports: Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.
Balenciaga Pedo-gate Blown WIDE OPEN
Klaus Schwab and George Soros Declare China Must Lead New World Order
Klaus Schwab: ‘God Is Dead’ and the WEF is ‘Acquiring Divine Powers’
‘Passion of the Christ’ Star Claims Hollywood Elite Are Trafficking Children For Adrenochrome
Bill Gates Tells World Leaders ‘Death Panels’ Will Soon Be Required
Justin Bieber: Facial Paralysis Is ‘Punishment’ For Exposing Illuminati Pedophilia
Spanish Royalty Expose Who Really Killed Princess Diana
‘Controlled Opposition’: Dave Chappelle’s Family Say He Was Killed and Cloned by the Illuminati
Michael Jackson Was Murdered for Saying SAME Things As Kanye 13 Years Ago
Error 403: The request cannot be completed because you have exceeded your quota..
Domain code: youtube.quota
Reason code: quotaExceeded
This incident is yet another example of supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.
Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.
Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to attacker’s remote command-and-control servers.
Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used Domain Generation Algorithm (DGA), so that if attackers’ server went down, the DGA could generate new domains to receive and send stolen information.
“All of the collected information was encrypted and encoded by base64 with a custom alphabet,” says Paul Yung, V.P. of Products at Piriform. “The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request.”
The malicious software was programmed to collect a large number of user data, including:
- Computer name
- List of installed software, including Windows updates
- List of all running processes
- IP and MAC addresses
- Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.
How to Remove Malware From Your PC
According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 Million people could have been infected with the malicious version the app.
“The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week,” Talos said.
However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.
Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.
Latest posts by Sean Adl-Tabatabai (see all)
- Rand Paul: ‘Fauci Has the Blood of 7 Million People on His Hands’ - December 2, 2022
- Planned Parenthood Executive Declares ‘Children Are Sexual Beings From Birth’ - December 2, 2022
- Dolly Parton: ‘Satan Is Real and He’s Trying To Destroy Our World’ - December 2, 2022