A new hack has been announced and it’s affecting over 2 million users. The infected application is called CCleaner and it’s one that even we have mentioned in the past because it’s free and works well to run file clean up to remove clutter from your hard drive. But, as with so many other breaches, when you’re dealing with free software, sometimes you get what you paid for.
From a Forbes article:
It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.
The malware would send encrypted information about the infected computer – the name of the computer, installed software and running processes – back to the hackers’ server. The hackers also used what’s known as a domain generation algorithm (DGA); whenever the crooks’ server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.
The Chief Technology Officer at the parent company, Avast, says there is no reason to fear. They launched an automatic update to users that downloaded the infected version of the software in the last couple of weeks. This should also serve as a warning for users that have disabled automatic updates that you should take a moment to install your immediately.
They also believe that they stopped the attack before any significant data was stolen, believing that the hackers intended a second phaase of attack that was thwarted by quick detection and remediation.
If you’re uncertain about how effective your current cybersecurity solution is, contact us. We offer a range of antivirus and monitoring services, as well as backup and recovery (which may be the best solution to cybercrime there is).