Avast said that 2.27 million users downloaded the tainted CCleaner software back in 2017 1,646,536 computers were infected with the first-stage Floxif trojan that scanned for high-value targets but only 40 computers received the second-stage trojan, a more powerful backdoor. MADRIDAs the investigation continues into the backdoor planted inside CCleaner, two. The list of targets included Cisco, Microsoft, Google, NEC, and many other major companies. Two members of Avast’s threat intelligence team shared new information about the CCleaner backdoor attack.
#AVAST CCLEANER MALWARE DOMAIN TARGETS DOWNLOAD#
The attackers, believed to be a group of Chinese state-sponsored hackers, inserted malware that would only download a second-stage payload when CCleaner was installed on the network of a major company. This comes two years after hackers stole trade secrets from high-profile tech firms by rigging version 5.33 of Avasts CCleaner with well-hidden malware, but we do not know if this was the same. At the time the server was taken down, the attack was targeting select large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. Hackers breached Piriform's network via a TeamViewer account and planted malware inside CCleaner. And Avast trusted CCleaner enough to promote and bundle them. The 2017 CCleaner hack happened before Avast bought Piriform, the company behind CCleaner.
The investigation is ongoing and the company promised more updates.Īvast previously received praises for the openness it showed while investigating the 2017 CCleaner hack, publishing several updates on the incident, as it continued to learn more about the 2017 breach in the subsequent months. "From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected," Baloo said. A few days after uncovering the CCleaner malware attack, researchers found out that some high-profile technology companies were the main target of the attackers.
0 kommentar(er)
