![]() ![]() Cisco Talos suspects the attackers planned to use the malware to conduct industrial espionage. ![]() “Given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds,” Avast says.Ĭisco Talos also studied the malware’s command server and reports that it was attempting to infiltrate PCs in technology organizations, including Intel, Samsung, HTC, VMWare, Cisco itself, and others. Update: On September 21, Avast revealed that the malware was designed to deliver a second-stage payload to infected computers in specific organizations, and at least 20 machines across eight companies contacted the command and control server. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system. Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor big fixes.”) He also says Piriform has shut down the hackers’ access to other servers. ![]() Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data. 21 with details about the malware targeting specific technology companies for industrial espionage. In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.Įditor’s note: This article was first published on September 18, 2017, but was updated on Sept. The Avast post said that the investigation into the CCleaner compromised was continuing and it would issue further updates as needed.It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, might not have been keeping your PC so clean after all. "Besides the keylogger tool, other tools were installed on the four computers, including a password stealer, and tools with the capacity to install further software and plugins on the targeted computer remotely." "By installing a tool like ShadowPad, the cyber criminals were able to fully control the system remotely while collecting credentials and insights into the operations on the targeted computer," the Avast post said. The installation of ShadowPad was presumed to have been done by the second stage downloader of the malware that was used to compromise CCleaner. In the course of this process, it found that ShadowPad had been installed on the four Piriform PCs on 12 April 2017. In its latest update, issued on Thursday, Avast said in order to complete its investigation, it had migrated all the Piriform infrastructure to its own set-up. They then put up a second post on 20 September, after the second Talos post was published. Avast chief executive Vince Steckler and chief technology officer Ondřej Vlček published a blog post on 18 September, providing details of the incident. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |