Guillermo Szikora

IT, ERP, CM, SMM, social media. Support and implementation.

G DATA Antivirus

Alert! CCleaner has been hacked! If you are a user, update to version 5.34 as soon as possible

09/18/2017 | Bochum, Author: Tim Berghoff

Warning: Malware-laden version of CCleaner 5.33

Security researchers found out that one version of the popular system tuning application "CCleaner" was infected with malware. We take a brief look at this case as well as several other cases from the past.

The popular system tuning application "CCleaner" was shipped with a "stowaway" for about a month. Researchers at Talos have found out that the version available on the official download site contained a piece of malware. There are two factors which make this case particularly interesting: for one, the application has a very broad user base. According to information from the manufacturer, the application has a total of around two billion downloads and counting. The number of affected users is therefore very high. Secondly, the manipulated version of CCleaner was signed with a valid certificate. These certificates are meant to ensure that an application comes from a trusted vendor. Therefore, someone with access to a stolen certificate can reach a very wide audience – unsigned applications are not executed by Windows unless additional settings are manipulated.

G DATA customers are protected

The manipulated version 5.33 of CCleaner was shipped between August 15 and September 12. All G DATA solutions detect the version as Win32.Backdoor.Forpivast.A.

A corrected version has already been released. Users who have the affected version installed are advised to update to version 5.34. The free versions of the program do not install the update automatically – in this case, users need to download the updated setup file manually and install it.
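The following PowerShell check is an added example and not part of the G DATA article or of CCleaner itself. It reports the file version and the Authenticode signature of an installed CCleaner binary and flags a 5.33 build as the affected one. The path is a placeholder that must be pointed at the actual CCleaner.exe on the machine; the function name Test-CCleanerBuild is an assumption of this example. The important caveat, which the article itself makes, is that the trojanised 5.33 build was signed with a valid certificate, so a signature status of "Valid" on its own does not prove the file is clean – the version number is what has to be checked.

```powershell
# Added example (not from the G DATA article or the CCleaner project):
# show the version and signer of a CCleaner binary and flag the 5.33 build.
function Test-CCleanerBuild {
    param([Parameter(Mandatory)][string]$ExePath)

    if (-not (Test-Path -LiteralPath $ExePath)) {
        return [pscustomobject]@{ Path = $ExePath; Found = $false }
    }

    $info = (Get-Item -LiteralPath $ExePath).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $ExePath

    # The compromised 5.33 build carried a valid signature, so the version,
    # not the signature status, is the deciding check here.
    $isAffected = ($info.ProductVersion -like '5.33*') -or ($info.FileVersion -like '5.33*')

    [pscustomobject]@{
        Path            = $ExePath
        Found           = $true
        FileVersion     = $info.FileVersion
        ProductVersion  = $info.ProductVersion
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        AffectedBuild   = $isAffected
        Advice          = if ($isAffected) {
                              'Affected 5.33 build: update to 5.34 and scan the host'
                          } else {
                              'Not the 5.33 build; keep CCleaner up to date'
                          }
    }
}

# Placeholder path: replace with the real location of CCleaner.exe.
Test-CCleanerBuild -ExePath 'C:\PLACEHOLDER\CCleaner.exe' | Format-List
```

Run it in an elevated PowerShell session so the binary under Program Files is readable; for the free edition, a flagged result means downloading and installing the 5.34 setup by hand, as the article notes.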

Compromised downloads – not a new phenomenon

The fact that the infected version 5.33 had been signed with a valid certificate points to several potential security issues, ranging from a compromised code-signing process to a compromised certificate authority.

However, spreading malware that was signed with a valid certificate, or malware-laden versions of legitimate programs, via official channels is by no means a new phenomenon. In the past, similar things happened to a BitTorrent client for Mac as well as to a Linux distribution. The "Petna" malware used the update infrastructure of an accounting software package.

Malware authors appear to go to ever greater lengths in order to infect as many machines as possible in the shortest possible time. The supply chain is a very valuable target for this. If an attacker successfully compromises the supply chain of a vendor, this has far-reaching consequences – and this, too, has already happened in the past.
