
#CCLEANER MALWARE CALLED UPDATE#

Users who downloaded and installed CCleaner or CCleaner Cloud between Aug.
12 should scan their computers for malware and update their apps. The 32-bit versions of CCleaner v and CCleaner Cloud v were affected.

The compromise was detected by researchers from Cisco Systems' Talos group after one of the company's products triggered a malware detection on a CCleaner installer. A subsequent investigation revealed that it was not a false positive and that the executable program was indeed carrying a sophisticated backdoor program.

What's worse is that this is not a case where hackers took the CCleaner installer, modified it, and then distributed a malicious version through alternative means. Instead, the backdoored program was distributed from the developer's official servers, as well as third-party download sites. The rogue installer was digitally signed with the developer's legitimate certificate, which means the malicious code was added to it before it was signed. There is also a compilation artifact inside the executable suggesting it was compromised before compilation.

"Given the presence of this compilation artifact as well as the fact that the binary was digitally signed using a valid certificate issued to the software developer, it is likely that an external attacker compromised a portion of their development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization," the Cisco Talos researchers said in a blog post.
