More than 2 million users of anti-malware tool CCleaner installed a version of the software that had been hacked to include malware. Piriform, the developer of CCleaner, now owned by security firm Avast, says its download servers were compromised at some point between 15th August, when it released v5.33.6162 of the software, and 12th September, when it updated the servers with a new version.
In that period, a Trojan was loaded into the download package, which sent ‘non-sensitive data’ from infected users’ computers back to a server located in America. The data, according to Piriform, included ‘computer name’, IP address, list of installed software, list of active software and list of network adapters.
As well as the data leak, however, the infection also resulted in a ‘second stage payload’ being installed onto the infected computer – another piece of malware, which Piriform says was never executed.
The company says 2.27m users were infected, but adds that ‘we believe that these users are safe now as our investigation indicates we were able to disarm the threat before it was able to do any harm.’
Compromising downloads of trusted software is an increasingly common route by which malware authors infect devices. The method is known as a ‘supply chain’ attack. It works because the attackers rely on the trust relationship between a manufacturer or supplier and a customer.
www.theguardian.com/uk/technology (19th September)