CCleaner Hacked: What Do You Need To Know

CCleaner를, one of the most popular system tools on Windows, was confirmed to be compromised early this month, resulting in up to 3% of CCleaner’s users, roughly around 2 백만, are/were using two compromised versions of CCleaner on their Windows computers. If you are using CCleaner to help you keep your system clean, here is what you need to know, according to the CCleaner’s official blog postCisco Talos post.


What’s affected?

Two things first,

  1. Only Windows 32-bit edition is affected.
  2. Two versions released between August 15 and September 12, 2017, are affected. 그들은:
    1. CCleaner를 5.33.6162
    2. CCleaner Cloud 1.07.3191

If you are running a version later than these two or running the same version but on a 64-bit of Windows, you are safe.


What can these hacked versions do?

그만큼 compromised version will collect the following information about the local system and encrypt them before sending off to a remote IP address or a different location if the IP address becomes unavailable.

  • Name of the computer
  • List of installed software, including Windows updates
  • List of running processes
  • MAC addresses of first three network adapters
  • Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, 기타.

It also reads a reply from the same IP address and downloads a second stage payload from that address, further encrypted by the same algorithm as in the first stage. 하나, CCleaner stats that they have not detected an execution of the second stage payload and believe that its activation is highly unlikely.

What to do if I am using CCleaner?

Here are steps you need to take:

  1. Check the version of CCleaner on your computer.
  2. If it’s older than 5.33.6162 or Cloud 1.07.3191, you are safe. It’s time to update to the latest version.
  3. If it’s the newer or the same version of infected one,
    1. Update to the latest version if you want to continue using the tool, 과
    2. Run a manual scan of your AV and make sure your system is clean.
    3. Check the following registry and delete it if you find it existed in your system.

What really happened?

The attack is called Supply Chain Attack that is a very effective way to distribute malicious software into target organization, using the trust relationship between a manufacturer or supplier and a customer.

요컨대, hackers were able to hack their way to the CCleaner’s site and inject the malicious code into two versions of CCleaner, 5.33.6162 of CCleaner and 1.07.3191 version of CCleaner Cloud. 운 좋게, both CCleaner and Cisco were able to quickly detect the suspicious downloading activities and stop them from being widely distributed.

As to why and how the hackers made their way in, it’s still under investigation.


회신을 남겨주

이 사이트는 스팸을 줄이기 위해 Akismet 플러그를 사용. 귀하의 코멘트 데이터가 처리되는 방법 알아보기.

우리는 당신에게 최고의 온라인 경험을 제공하기 위해 쿠키를 사용합니다. 동의함으로써 당신은 우리의 쿠키 정책에 따라 쿠키 사용을 허용.