Researchers at cyber intelligence firm Cisco Talos have discovered that a version of the popular maintenance software CCleaner is infected with malware.
Usually the software is used to clean up temporary files and optimise a system, but between 15th August and 12th September version 5.33 of CCleaner was hiding a malicious payload.
“We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download,” wrote Cisco Talos in a blog.
That other application was malware that set up communication with a command and control server.
The point of this malware? During Cisco Talos’ research it discovered the malware making a significant number of DNS requests leading many to believe that the malware was forcing machines to partake in a massive botnet.
The malware also sent information about the infected system to a command and control server but no information appears to be sent to that server.
The server has since been shut down and its malicious software removed.
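The unusually high volume of DNS requests is the kind of signal a defender can look for in their own resolver logs. The following is an added example, not code from Cisco Talos or from the article: it parses constructed DNS log lines (timestamp, client address, queried name), tallies queries and distinct names per client, and flags clients that exceed a threshold. The log format, the sample addresses and the thresholds are all assumptions chosen for illustration.

```python
"""Flag clients whose DNS query volume is far above the norm.

Added example (not from the Cisco Talos write-up or the article).
Log line format assumed here:  <timestamp> <client_ip> <query_name>
"""
from collections import defaultdict

# Constructed sample log lines (not real traffic). One client issues
# many queries for many distinct names; the others look ordinary.
SAMPLE_LOG = """\
2017-09-13T10:00:01 10.0.0.5 www.example.com
2017-09-13T10:00:02 10.0.0.5 mail.example.com
2017-09-13T10:00:03 10.0.0.7 www.example.com
""" + "".join(
    f"2017-09-13T10:01:{i % 60:02d} 10.0.0.9 host{i:04d}.example.invalid\n"
    for i in range(150)
)


def parse_dns_log(text):
    """Yield (timestamp, client, name) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        yield tuple(parts)


def summarise_clients(text):
    """Return {client: (query_count, distinct_name_count)} for the log."""
    counts = defaultdict(int)
    names = defaultdict(set)
    for _, client, name in parse_dns_log(text):
        counts[client] += 1
        names[client].add(name.lower())
    return {c: (counts[c], len(names[c])) for c in counts}


def flag_noisy_clients(text, max_queries=100, max_distinct=50):
    """Return the sorted list of clients exceeding either threshold.

    The thresholds are assumed values; tune them to the baseline of the
    network being monitored.
    """
    summary = summarise_clients(text)
    return sorted(
        client for client, (n_queries, n_distinct) in summary.items()
        if n_queries > max_queries or n_distinct > max_distinct
    )


if __name__ == "__main__":
    for client, (n, d) in sorted(summarise_clients(SAMPLE_LOG).items()):
        print(f"{client}: {n} queries, {d} distinct names")
    print("flagged:", flag_noisy_clients(SAMPLE_LOG))
```

Counting distinct names as well as raw volume matters: a client that queries a handful of names thousands of times is usually a misconfigured application, whereas one that queries hundreds of never-seen names is the pattern worth a closer look.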
There is, however, another point to this: to sow seeds of mistrust.
“By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files and web servers used to distribute updates,” said Cisco Talos.
We saw a similar attack earlier this year with NotPetya. That ransomware was delivered via official update channels.
Users that were unlucky enough to download and install version 5.33 of CCleaner have two options: restore your system to a point in time before 15th August, or format and reinstall.
There is one ray of hope for anybody that uses CCleaner but doesn’t regularly update the software. Avast doesn’t automatically deliver updates, so if you download version 3.34 you should be safe from malware.

[Image – CC BY 2.0 Alan Levine]