Wednesday 27 September 2017, Security guide

A second stage of the CCleaner malware outbreak

Lost24

CCleaner – a very popular maintenance utility for cleaning the registry and removing unnecessary files – was recently compromised and used to deliver malware to unsuspecting users. Even though 2.3 million computers were potentially exposed to the malware, Avast Piriform – the producer of the utility – stated that the attackers had not used the malicious software to do any damage.

Now it seems that spreading the malware was only the beginning: a second stage of the attack may give the attackers a hidden backdoor into all infected computers.

This finding is particularly dangerous because, according to Cisco Talos security experts, the attackers also targeted major technology companies such as Microsoft, Google, Samsung, Sony and Intel. These targets are considered to be among the most important companies responsible for the development of the modern internet world.

Furthermore, the Cisco Talos researchers do not rule out a third stage of the attack: a completely “fileless” stage that would reside only in the memory (RAM) of the infected machine.

Researchers are in the process of reverse engineering the payload to understand precisely what it does on infected systems.