Tainted CCleaner App Scare Requires Immediate Software Update 

Is your business affected by the most recent malware attack on a popular Windows software? Get the details on how to protect yourself.  

It may be an IT professional’s worst nightmare: an app or piece of software that is meant to clean malware off of your computer system that actually is the delivery mechanism for a clever cyber attack. Unfortunately, this scenario is playing out in real time with the popular Windows app CCleaner, a utility installed on millions of systems to provide optimization and easy maintenance. Hackers have hijacked the software, adding malware to the base install — even versions that were installed from the official download site. Worse yet, the software was recently acquired by Avast, the prominent anti-virus software maker, leading experts to believe that this may not be the last attack that comes in the guise of a Trojan horse stored within legitimate tools.

What is Malware?

“Malware” is a term that is short for “malicious software”, or programs that are designed to damage and infiltrate computers without the consent of users. There are a variety of different threats that are grouped under the term malware, including:

• Viruses and Worms: These threats are considered contagious because they not only penetrate a user’s computer but also utilize system resources to spread their venom to others. Both versions contain malicious code that is designed to damage a user’s system, called a payload.
• Rootkits and Trojans: Concealed attacks, or masked threats such as the Trojan, hide in your system by pretending to be benign applications. Unfortunately, users download the “safe” software and end up with a computer that’s been infected with harmful malware. Rootkit techniques are a way of hiding malware from anti-virus or detection and removal programs.
• Keystroke Loggers and Spyware: Identity theft, phishing, and social engineering are all versions of spyware that are utilized to gather your personal information for financial gain. Whether that gain comes in the guise of selling your credit card number for immediate use in purchasing or creating a long-term stream of income by applying for multiple credit cards with your identity information, hackers are always looking for ways to exploit stolen information.

Dangers of Malware

The dangers of malware are very different for personal users versus those on a corporate network. While individual users may find that malware only affects their personal computer, malware can spread through a corporate network quickly — quite literally like a cold or flu virus through a crowded hospital waiting room, only much faster. Some malware simply slows down your system without having an appreciable impact on operations, while other types may completely shut down your digital operations or allow hackers backdoor access to your most sensitive customer data and trade secrets.

Why the CCleaner Hack is Unique

While hackers often target social media, email and other methods of encouraging unsuspecting users to install their malware, the CCleaner situation is relatively unique in the cybersecurity world. Why? Because of where the hacking occurred — much further up the supply chain than most users would expect. The hack was done before a truly legitimate piece of software was distributed, free software that millions of users trust to help maintain system optimization. Worse still, the software is distributed by a well-known security manufacturer, Avast, who specializes in anti-virus and anti-malware software. Together, these facts are likely to erode consumer confidence in security software as a whole. Perhaps the most frightening aspect of this particular attack is that Avast is particularly careful with creating an unforgettable digital signature that is attached to all of their downloads, yet the hackers were able to inject their malware code before the signature was even applied. This lack of security within the Avast supply chain and the lack of quality control before distribution occurred are causing a stain on the security manufacturer’s reputation through the cybersecurity community.

Effects of the Malware

Once the corrupted CCleaner or CCleaner Cloud software was installed on your computer, it would immediately begin sending information about your system back to the hackers’ server. These details included everything from the names of software installed on your system, which processes are running in the foreground and background and even the name of your computer — all of which would be in the hackers’ hands to allow further penetration of your computers and networks.

Protecting Your Business

Fortunately, while the problem is widespread and includes millions of downloads of the tainted software, the fix is relatively simple. If you’ve installed CCleaner or CCleaner Cloud version, you should upgrade immediately to the latest release. Both the online version as well as the downloadable version have been tested, cleaned and updated. Additionally, the rogue server that was receiving information from the malware has been removed from the hacker’s control, effectively disarming the threat before it could take hold. Any version of CCleaner 5.34 or greater will eliminate the threat from your systems. Users of CCleaner Cloud received an automatic pushed update as soon as the infiltration was discovered, while users of CCleaner download version will need to take the action of completing a download and installing the program.

Avast shared publicly that the attack, while widespread, shouldn’t be cause for panic since the details that hackers were receiving from the tainted software was relatively benign. However, that same information could have been gathered for a phase two attack that never materialized. This particular malware incident has a relatively happy ending, but this is rarely the case. Protecting your critical systems and staying up-to-date on all new versions of software and patches can be a challenging and time-consuming job for smaller IT teams.

Let Compunet InfoTech work with your Vancouver business to determine best practices and timing that will keep you protected. Contact us today at (604) 986-8170 or via email to info@compunet.ca for your free initial security consultation.

Author: Joe Martin, Date: 2017-09-26