Warning: CCleaner Hacked, More Than 2.3 Million Users Infected
If you downloaded and updated the CCleaner application on your computer between 15 August and 12 September 2017 from its official site, then consider your computer compromised.
CCleaner is a popular app with over 2 billion downloads, made by Piriform and recently acquired by Avast, which allows users to clean their systems to optimize and improve performance.
As reported by The Hacker News, security researchers from Cisco Talos found that the servers used by Avast to let users download the application were compromised by hackers, who replaced the original version of the software with a malicious one and distributed it to millions of users for about a month.
The update server of a Ukrainian company called MeDoc was also compromised in the same way to distribute the Petya ransomware, which wreaked havoc around the world.
Piriform has since confirmed that the 32-bit Windows versions of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.
Reviewed on September 13, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attacker's command-and-control server.
An unknown hacker signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec, and used a Domain Generation Algorithm (DGA) so that, if the attacker's server went down, the DGA could generate new domains to receive and send the stolen information.
"All information collected is encrypted and encoded by base64 with a custom alphabet," said Paul Yung, VP of Products at Piriform.
The encoded information is then submitted to an external IP address, 216.126.x.x (this address was hardcoded in the payload), via an HTTPS POST request.
The malicious software is programmed to collect a large amount of user data, including:
* Computer name
* List of installed software, including Windows updates
* List of all running processes
* IP and MAC addresses
* Additional information such as whether the process runs with admin privileges and whether it is a 64-bit system.
According to Talos researchers, about 5 million people download CCleaner (or Crap Cleaner) every week, which indicates that more than 20 million people may have been infected with the malicious version of the application.
The impact of this attack could be quite severe given the very high number of systems possibly affected. CCleaner claims to have more than 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week, said Talos.
Piriform estimates that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation. Affected users are strongly encouraged to update their CCleaner software to version 5.34 or higher to protect their computers from being compromised.
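The check described in this article, applied to a software inventory: this is an added example, not code from Piriform, Avast or Talos. The affected builds, the fixed version and the date window are taken from the text above; the CSV layout, host names and the other build numbers are constructed assumptions.

```python
import csv
import io
from datetime import date

# Values below come from the article; the inventory layout is an assumption.
AFFECTED_BUILDS = {"ccleaner": (5, 33, 6162), "ccleaner cloud": (1, 7, 3191)}
FIXED_CCLEANER = (5, 34)                      # "version 5.34 or higher"
WINDOW = (date(2017, 8, 15), date(2017, 9, 12))

# Constructed sample inventory: hosts, dates and the non-affected build
# numbers are made up. "arch" is the architecture of the installed binary.
SAMPLE_INVENTORY = """host,product,version,arch,installed
ws-01,CCleaner,5.33.6162,x86,2017-08-20
ws-02,CCleaner,v5.33.6162,x64,2017-08-21
ws-03,CCleaner,5.32.1111,x86,2017-07-02
ws-04,CCleaner Cloud,1.07.3191,x86,2017-08-30
ws-05,CCleaner,5.34.2222,x86,2017-09-14
"""

def parse_version(text):
    """Turn 'v1.07.3191' into (1, 7, 3191) so builds compare numerically."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def triage(row):
    """Classify one inventory row as COMPROMISED, REVIEW, UPDATE or OK."""
    product = row["product"].strip().lower()
    version = parse_version(row["version"])
    installed = date.fromisoformat(row["installed"].strip())
    if AFFECTED_BUILDS.get(product) == version and row["arch"].strip().lower() == "x86":
        return "COMPROMISED"   # exact 32-bit build named in the article
    if WINDOW[0] <= installed <= WINDOW[1]:
        return "REVIEW"        # installed in the window, not an exact match
    if product == "ccleaner" and version < FIXED_CCLEANER:
        return "UPDATE"        # older than the fixed release
    return "OK"

def triage_inventory(csv_text):
    """Return {host: verdict} for every row of a CSV inventory export."""
    return {row["host"]: triage(row) for row in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

The REVIEW verdict covers rows dated inside the window that do not match an affected build exactly, such as a 64-bit binary of the same version, so they get a manual look instead of a silent pass.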