Piriform, the developer of the well-known system tuning software CCleaner, distributed malware-infected installation packages via its official website for about 22 days. According to reports, more than 2 million people installed the infected version.
Avast, the popular antivirus developer, recently acquired Piriform. Despite its antimalware reputation, hackers got into the servers and hid a Trojan, along with another piece of malware, in the installation package.
Hackers Hid Malware inside CCleaner Installation Package
Our world has never been devoid of hackers and privacy snatchers. We reported the notorious WannaCry ransomware attack in the past.
Here, hackers gained access to the servers of Piriform. According to the company, it happened on August 15. Once the bad guys got their hands on the files on the server, they altered the installation package for the new version of CCleaner and injected Trojan code into it. The attackers' access persisted until Piriform regained control on September 12. Within this period of 22 days, the company released v5.33.6162 of the software, and many people updated to that version.
The Trojan, once activated, sent some non-sensitive data to a remote server in the US. The data included the computer name, IP address, list of installed software, list of active software, and list of network adapters. Though that data might not appear to pose a privacy threat, we should be aware that hackers can break into the servers of even a reputed security firm.
The scary fact is that the hackers could hide another piece of malware inside the package. However, they didn’t execute the second-stage payload.
The President of the company said that they don’t want to speculate about the origin of the attack, its purpose, or who was behind it.
If you use CCleaner, you don’t have to worry now. The company released a clean version of the software on September 12, even before Cisco’s intelligence team alerted Piriform to the security breach. About 2.2 million users became victims of the attack, and the company anticipates that most of them have updated the software to the newest clean version by now.
Gaining access to the servers of reputed software companies and using them to distribute malware is a popular attack method, known as a supply chain attack. In 2016, the servers of a BitTorrent client were also compromised and used to spread ransomware on Macs for three days.
Yeah, they have solved the issue now. Nevertheless, it raises a question in the minds of readers: whom should we trust, and whom shouldn’t we?