Technology

You might be one of the 2 million people who got hit by a CCleaner malware

Virus, hacks, malware pose an imminent threat to our digital life. One wrong move and you could get trapped in a cyber mess. However, it is easier to secure yourself from something you know looks suspicious. But what to do when you’re faced with something that has disguised itself as completely legitimate? Something similar just happened to people who use CCleaner.

PC cleaner app called CCleaner – short for Crap Cleaner – has unwittingly exposed its users to a malware. According to reports from Cisco Talos, a legitimately signed version 5.33 of CCleaner had “a multi-stage malware payload that rode on top of the installation of CCleaner”. This is a cause for concern as CCleaner has a wide user base. By November 2016 it had been downloaded over 2 billion times with a growth rate of 5 million users per week.

According to CCleaner’s parent company Avast, the software was tainted with malware in August when the 5.33 version was released. About 2.27 million people have downloaded the app in that time period. However, now a new version 5.34 has been put out. The malware was able to access the affected person’s MAC address, computer name, list of running processes and software. However, Avast alleges that all the data that the malware may have captured is useless since it has been encrypted.

Also Read: A malware has been detected which can steal money through smartphones

Craig Williams, the head of Cisco’s Talos team, said, “There’s a concerning trend in these supply-chain attacks. Attackers are realizing that if they find these soft targets, companies without a lot of security practices, they can hijack that customer base and use it as their own malware install base…And the more we see it, the more attackers will be attracted to it.”

However, the matter for concern here is that Avast is a big security company itself. How did it get affected by malware, that too on a software update that had a legitimate signature on it? Avast addressed this issue by saying that they cryptographically sign all installations so that hackers cannot spoof them without having access to a cryptographic key. However, in this case, turns out hackers infiltrated Avast’s software development chain before the actual update was sent out. Avast did not find out about this infiltration until it was too late and ended up putting their stamp of approval on a malware that was riding on their installation file.

If you happen to be a regular CCleaner user or if you installed an update in August, it would be best to update to the latest version.

Sponsored
Maryam Dodhy

I love bringing to light stories of extraordinary people working in Pakistan's tech and startup industry. You can reach out to me through maryamdodhy@techjuice.pk.

Leave a Comment
Share
Published by
Maryam Dodhy
Tags: News

Recent Posts

Microsoft Launches AI-Powered “Support Virtual Agent” for Xbox Users

Microsoft has launched its AI-powered “Support Virtual Agent” chatbot for Xbox Insiders in the U.S.,…

5 hours ago

Musk Says Tesla Won’t Enter Smartphone Market Unless Necessary

Android Authority recently polled its users to find out if they would purchase a Tesla…

5 hours ago

Sukkur IBA Sets Seven Conditions for Conducting MDCAT

The Secretary of the Sukkur IBA Testing Agency has formally requested urgent action from the…

5 hours ago

PSEB Opens Bidding for Nationwide e-Rozgar Centers

The Pakistan Software Export Board (PSEB) has launched a nationwide program to encourage IT startups…

6 hours ago

Google Play Services Bug Disrupts Access to Apps for Pixel Users: Here’s How to Fix It

A significant issue with Google Play Services has left many Pixel users unable to access…

6 hours ago

WhatsApp Beta Partners with Google for Innovative Image Search Feature

When it comes to Android messaging apps, WhatsApp stands out as one of the best.…

6 hours ago