Dive Brief:
- CCleaner, a popular system maintenance tool for Microsoft Windows devices, had malware implanted in its software, according to security researchers at Cisco Talos. The attack is said to have impacted 2.27 million users, according to The Verge.
- The infected application is Avast-owned Piriform's CCleaner 5.33. Talos discovered the compromise on September 13, but the tainted build had been available for download since August 15, the researchers said. It is unknown where the code came from, but the attack is said to be contained as the "rogue server is down," according to a statement made by Piriform. The company pushed updates to CCleaner Cloud users and said there should be no further threat.
- Cisco Talos compared the malware to this year’s Nyetya attack after it hit more than 12,500 devices with worming capabilities. Nyetya was disguised as a Microsoft update but wiped machines of their data.
Dive Insight:
The problems lie in the ability of hackers to infiltrate a product’s code before it ships and in the undetected nature of worm-like infections. Cisco Talos said the supply chain-style attack is a very easy way for hackers to carry out a widespread cyberattack.
Piriform claimed it has yet to find evidence of nefarious actions on its own systems after running a security scan on the machines CCleaner was installed on. However, critics say it is too early to speculate on the scope of the attack. Users are advised to manually update to CCleaner 5.34, the latest release at the time of the researchers' report, to avoid an infection.
Right now, Avast does not know who hacked its product or why, but there is speculation surrounding the hackers’ intent. The attackers were targeting vendor-customer relationships, said the Cisco Talos researchers. "In many organizations data received from [common] software vendors rarely receive the same level of scrutiny as that which is applied to what is perceived as untrusted sources."
In other words, products introduced to networks by trusted vendors are rarely checked for malicious content. The same was true of Nyetya, as the fake Microsoft updates relied on the trust associated with the brand name.