DGA Domains associated with the compromised update:.IP address associated with the compromised update: MD5 hash associated with the compromised update: Indicators of Compromiseįile associated with the compromised update: Piriform warns that they need to finish the incident response process to address any concerns related to the use of its digital certificate. Currently, VirusTotal shows that 40 of 64 detection engines detect the malware. This information can then be used to tailor specific malware for the machine. If the user updated to the 32-bit version of CCleaner, they then executed the infected file, installing the malware.įloxif is a reconnaissance stage malware, with the payload designed to setup communication to a C2 server in order to exfiltrate non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters).
Any user updating CCleaner to the infected versions would have downloaded the infected file.
#CCLEANER CLOUD PRO UPDATE#
The malware was packaged with the CCleaner update in the installation executable, which was signed using a valid digital signature issued to Piriform by Symantec. Users also can clean temporary files, and analyze their system to determine ways to optimize performance. law enforcement and shut down the command and control (C2) server on September 15.ĬCleaner allows users to manage applications and perform routine maintenance on their systems. Updated versions, released on September 12 remediated the issue. (Piriform is owned by Avast.) The August 15 release of CCleaner version and the August 24 update of CCleaner Cloud version were compromised with Floxif malware.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is aware of a supply chain compromise affecting at least two versions of Piriform’s CCleaner software.
0 kommentar(er)
